summaryrefslogtreecommitdiffstats
path: root/src/man
diff options
context:
space:
mode:
Diffstat (limited to 'src/man')
-rw-r--r--src/man/po/as.po6314
-rw-r--r--src/man/po/bn.po6313
-rw-r--r--src/man/po/bs.po6315
-rw-r--r--src/man/po/ca.po6313
-rw-r--r--src/man/po/cs.po921
-rw-r--r--src/man/po/de.po6313
-rw-r--r--src/man/po/el.po6313
-rw-r--r--src/man/po/es.po2043
-rw-r--r--src/man/po/et.po6314
-rw-r--r--src/man/po/fa.po6314
-rw-r--r--src/man/po/fi.po6314
-rw-r--r--src/man/po/fr.po2549
-rw-r--r--src/man/po/hu.po6313
-rw-r--r--src/man/po/id.po6313
-rw-r--r--src/man/po/it.po6313
-rw-r--r--src/man/po/ja.po3227
-rw-r--r--src/man/po/ja_JP.po6313
-rw-r--r--src/man/po/ko.po6313
-rw-r--r--src/man/po/lt.po6315
-rw-r--r--src/man/po/nb.po6313
-rw-r--r--src/man/po/nl.po1118
-rw-r--r--src/man/po/nn.po6313
-rw-r--r--src/man/po/po4a.cfg2
-rw-r--r--src/man/po/pt.po1242
-rw-r--r--src/man/po/pt_BR.po6313
-rw-r--r--src/man/po/ru.po999
-rw-r--r--src/man/po/sk.po6313
-rw-r--r--src/man/po/sq.po6314
-rw-r--r--src/man/po/sr.po6314
-rw-r--r--src/man/po/sssd-docs.pot909
-rw-r--r--src/man/po/ta.po6313
-rw-r--r--src/man/po/tg.po (renamed from src/man/po/pl.po)994
-rw-r--r--src/man/po/tr.po6314
-rw-r--r--src/man/po/uk.po1740
-rw-r--r--src/man/po/ur.po6313
-rw-r--r--src/man/po/vi.po6314
-rw-r--r--src/man/po/zh_CN.po6314
-rw-r--r--src/man/po/zh_TW.po6313
38 files changed, 10728 insertions, 175480 deletions
diff --git a/src/man/po/as.po b/src/man/po/as.po
deleted file mode 100644
index 98a5bbd9b..000000000
--- a/src/man/po/as.po
+++ /dev/null
@@ -1,6314 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/"
-"as/)\n"
-"Language: as\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-" <replaceable>[section]</replaceable>\n"
-" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start. This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD. The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains. <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password. If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests. In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations. During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully. For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever. The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain. Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain. There are two built-in "
-"access providers (in addition to any included in installed backends) "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain. "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server. See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings. Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users. "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users. Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted. If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed. The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details. <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel. If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy. If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to) "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used. The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server. Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server. With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN. Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime) will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call. Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'. If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon sperated "
-"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use. When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT). This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames. If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options. Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details. <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules. The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping. For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-" [domain/LDAP]\n"
-" id_provider = ldap\n"
-" auth_provider = ldap\n"
-" ldap_uri = ldap://ldap.mydomain.org\n"
-" ldap_search_base = dc=mydomain,dc=org\n"
-" ldap_tls_reqcert = demand\n"
-" cache_credentials = true\n"
-" enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use. Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-" [domain/example.com]\n"
-" access_provider = simple\n"
-" simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server. (Refer to "
-"the freeipa.org web site for information about IPA servers.) This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options. IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain. This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
-"This is optional if autodiscovery is enabled. For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-" [domain/example.com]\n"
-" id_provider = ipa\n"
-" ipa_server = ipaserver.example.com\n"
-" ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively. The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account. The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory. The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>. The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units. If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units. If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain. "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-" [domain/FOO]\n"
-" auth_provider = krb5\n"
-" krb5_server = 192.168.1.1\n"
-" krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy. Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service. The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/bn.po b/src/man/po/bn.po
deleted file mode 100644
index 10228db7b..000000000
--- a/src/man/po/bn.po
+++ /dev/null
@@ -1,6313 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Bengali <info@ankur.org.bd>\n"
-"Language: bn\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-" <replaceable>[section]</replaceable>\n"
-" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start. This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD. The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains. <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password. If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests. In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations. During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully. For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever. The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain. Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain. There are two built-in "
-"access providers (in addition to any included in installed backends) "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain. "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server. See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings. Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users. "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users. Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted. If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed. The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details. <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel. If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy. If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to) "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used. The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server. Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server. With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN. Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password inactivity period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
-msgid "Default: shadowInactive"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
-msgid "ldap_user_shadow_expire (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
-msgid ""
-"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
-"parameter contains the name of an LDAP attribute corresponding to its "
-"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> counterpart (account expiration date)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
-msgid "Default: shadowExpire"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
-msgid "ldap_user_krb_last_pwd_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time of last password change in "
-"kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
-msgid "Default: krbLastPwdChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
-msgid "ldap_user_krb_password_expiration (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
-msgid ""
-"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
-"an LDAP attribute storing the date and time when current password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
-msgid "Default: krbPasswordExpiration"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
-msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the expiration time of the account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
-msgid "Default: accountExpires"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
-msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
-msgid ""
-"When using ldap_account_expire_policy=ad, this parameter contains the name "
-"of an LDAP attribute storing the user account control bit field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
-msgid "Default: userAccountControl"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
-msgid "ldap_ns_account_lock (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
-msgid ""
-"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
-"determines if access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
-msgid "Default: nsAccountLock"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
-msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines if "
-"access is allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
-msgid "Default: loginDisabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
-msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines until "
-"which date access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
-msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
-msgid ""
-"When using ldap_account_expire_policy=nds, this attribute determines the "
-"hours of a day in a week when access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
-msgid "Default: loginAllowedTimeMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
-msgid "ldap_user_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
-msgid ""
-"The LDAP attribute that contains the user's Kerberos User Principal Name "
-"(UPN)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
-msgid "Default: krbPrincipalName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
-msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
-msgid "The LDAP attribute that contains the user's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
-msgid "ldap_force_upper_case_realm (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
-msgid ""
-"Some directory servers, for example Active Directory, might deliver the "
-"realm part of the UPN in lower case, which might cause the authentication to "
-"fail. Set this option to a non-zero value if you want to use an upper-case "
-"realm."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
-msgid "ldap_enumeration_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
-msgid ""
-"Specifies how many seconds SSSD has to wait before refreshing its cache of "
-"enumerated records."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
-msgid "Default: 300"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
-msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
-msgid ""
-"Determine how often to check the cache for inactive entries (such as groups "
-"with no members and users who have never logged in) and remove them to save "
-"space."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
-msgid "Setting this option to zero will disable the cache cleanup operation."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
-msgid "Default: 10800 (12 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
-msgid "ldap_user_fullname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
-msgid "The LDAP attribute that corresponds to the user's full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
-msgid "Default: cn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
-msgid "ldap_user_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
-msgid "The LDAP attribute that lists the user's group memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
-msgid "Default: memberOf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
-msgid "ldap_user_authorized_service (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
-msgid ""
-"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
-"use the presence of the authorizedService attribute in the user's LDAP entry "
-"to determine access privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
-msgid ""
-"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
-"explicit allow (svc) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
-msgid "Default: authorizedService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
-msgid "ldap_user_authorized_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
-msgid ""
-"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
-"presence of the host attribute in the user's LDAP entry to determine access "
-"privilege."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
-msgid ""
-"An explicit deny (!host) is resolved first. Second, SSSD searches for "
-"explicit allow (host) and finally for allow_all (*)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
-msgid "Default: host"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
-msgid "ldap_group_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
-msgid "The object class of a group entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
-msgid "Default: posixGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
-msgid "ldap_group_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
-msgid "The LDAP attribute that corresponds to the group name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
-msgid "ldap_group_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
-msgid "The LDAP attribute that corresponds to the group's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
-msgid "ldap_group_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
-msgid "The LDAP attribute that contains the names of the group's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
-msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
-msgid "ldap_group_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
-msgid "ldap_group_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
-msgid "ldap_group_nesting_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
-msgid ""
-"If ldap_schema is set to a schema format that supports nested groups (e.g. "
-"RFC2307bis), then this option controls how many levels of nesting SSSD will "
-"follow. This option has no effect on the RFC2307 schema."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
-msgid "Default: 2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
-msgid "ldap_netgroup_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
-msgid "The object class of a netgroup entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
-msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
-msgid "Default: nisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
-msgid "ldap_netgroup_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
-msgid "The LDAP attribute that corresponds to the netgroup name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
-msgid "In IPA provider, ipa_netgroup_name should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
-msgid "ldap_netgroup_member (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
-msgid "The LDAP attribute that contains the names of the netgroup's members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
-msgid "In IPA provider, ipa_netgroup_member should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
-msgid "Default: memberNisNetgroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
-msgid "ldap_netgroup_triple (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
-msgid ""
-"The LDAP attribute that contains the (host, user, domain) netgroup triples."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
-msgid "This option is not available in IPA provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
-msgid "Default: nisNetgroupTriple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
-msgid "ldap_netgroup_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
-msgid ""
-"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
-msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
-msgid "ldap_netgroup_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
-msgid "ldap_service_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
-msgid "The object class of a service entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
-msgid "Default: ipService"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
-msgid "ldap_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
-msgid ""
-"The LDAP attribute that contains the name of service attributes and their "
-"aliases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
-msgid "ldap_service_port (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
-msgid "The LDAP attribute that contains the port managed by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
-msgid "Default: ipServicePort"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
-msgid "ldap_service_proto (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
-msgid ""
-"The LDAP attribute that contains the protocols understood by this service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
-msgid "Default: ipServiceProtocol"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
-msgid "ldap_service_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
-msgid "An optional base DN to restrict service searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
-msgid ""
-"See <quote>ldap_search_base</quote> for information about configuring "
-"multiple search bases."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
-#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
-msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
-msgid "ldap_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches are allowed to run "
-"before they are cancelled and cached results are returned (and offline mode "
-"is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
-msgid ""
-"Note: this option is subject to change in future versions of the SSSD. It "
-"will likely be replaced at some point by a series of timeouts for specific "
-"lookup types."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
-msgid "Default: 6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
-msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
-msgid ""
-"Specifies the timeout (in seconds) that ldap searches for user and group "
-"enumerations are allowed to run before they are cancelled and cached results "
-"are returned (and offline mode is entered)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
-msgid "ldap_network_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
-msgid ""
-"Specifies the timeout (in seconds) after which the <citerefentry> "
-"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
-"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
-"manvolnum> </citerefentry> following a <citerefentry> "
-"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
-"citerefentry> returns in case of no activity."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
-msgid "ldap_opt_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
-msgid ""
-"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
-"will abort if no response is received. Also controls the timeout when "
-"communicating with the KDC in case of SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
-msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
-msgid ""
-"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
-"maintained. After this time, the connection will be re-established. If used "
-"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
-"the TGT lifetime) will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
-msgid "Default: 900 (15 minutes)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
-msgid "ldap_page_size (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
-msgid ""
-"Specify the number of records to retrieve from LDAP in a single request. "
-"Some LDAP servers enforce a maximum limit per-request."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
-msgid "Default: 1000"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
-msgid ""
-"Disable the LDAP paging control. This option should be used if the LDAP "
-"server reports that it supports the LDAP paging control in its RootDSE but "
-"it is not enabled or does not behave properly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
-msgid ""
-"Example: OpenLDAP servers with the paging control module installed on the "
-"server but not enabled will report it in the RootDSE but be unable to use it."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
-msgid ""
-"Example: 389 DS has a bug where it can only support a one paging control at "
-"a time on a single connection. On busy clients, this can result in some "
-"requests being denied."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
-msgid "ldap_deref_threshold (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
-msgid ""
-"Specify the number of group members that must be missing from the internal "
-"cache in order to trigger a dereference lookup. If less members are missing, "
-"they are looked up individually."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
-msgid ""
-"You can turn off dereference lookups completely by setting the value to 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
-msgid ""
-"A dereference lookup is a means of fetching all group members in a single "
-"LDAP call. Different LDAP servers may implement different dereference "
-"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
-"Directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
-msgid ""
-"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
-"filter, then the dereference lookup performance enhancement will be disabled "
-"regardless of this setting."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
-msgid "ldap_tls_reqcert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
-msgid ""
-"Specifies what checks to perform on server certificates in a TLS session, if "
-"any. It can be specified as one of the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
-msgid ""
-"<emphasis>never</emphasis> = The client will not request or check any server "
-"certificate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
-msgid ""
-"<emphasis>allow</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, it will be ignored and the session proceeds normally."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
-msgid ""
-"<emphasis>try</emphasis> = The server certificate is requested. If no "
-"certificate is provided, the session proceeds normally. If a bad certificate "
-"is provided, the session is immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
-msgid ""
-"<emphasis>demand</emphasis> = The server certificate is requested. If no "
-"certificate is provided, or a bad certificate is provided, the session is "
-"immediately terminated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
-msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
-msgid "Default: hard"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
-msgid "ldap_tls_cacert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
-msgid ""
-"Specifies the file that contains certificates for all of the Certificate "
-"Authorities that <command>sssd</command> will recognize."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
-msgid ""
-"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
-"conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
-msgid "ldap_tls_cacertdir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
-msgid ""
-"Specifies the path of a directory that contains Certificate Authority "
-"certificates in separate individual files. Typically the file names need to "
-"be the hash of the certificate followed by '.0'. If available, "
-"<command>cacertdir_rehash</command> can be used to create the correct names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
-msgid "ldap_tls_cert (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
-msgid "Specifies the file that contains the certificate for the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
-msgid "Default: not set"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
-msgid "ldap_tls_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
-msgid "Specifies the file that contains the client's key."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
-msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
-msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon sperated "
-"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> for format."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
-msgid "ldap_id_use_start_tls (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
-msgid ""
-"Specifies that the id_provider connection must also use <systemitem class="
-"\"protocol\">tls</systemitem> to protect the channel."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
-msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
-msgid "ldap_sasl_authid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
-msgid ""
-"Specify the SASL authorization id to use. When GSSAPI is used, this "
-"represents the Kerberos principal used for authentication to the directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
-msgid "Default: host/machine.fqdn@REALM"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
-msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
-msgid ""
-"If set to true, the LDAP library would perform a reverse lookup to "
-"canonicalize the host name during a SASL bind."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
-msgid "Default: false;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
-msgid "ldap_krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
-msgid "Specify the keytab to use when using SASL/GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
-msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
-msgid "ldap_krb5_init_creds (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
-msgid ""
-"Specifies that the id_provider should init Kerberos credentials (TGT). This "
-"action is performed only if SASL is used and the mechanism selected is "
-"GSSAPI."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
-msgid "ldap_krb5_ticket_lifetime (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
-msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
-msgid "Default: 86400 (24 hours)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
-msgid "krb5_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
-msgid ""
-"Specifies the comma-separated list of IP addresses or hostnames of the "
-"Kerberos servers to which SSSD should connect in the order of preference. "
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
-"colon) may be appended to the addresses or hostnames. If empty, service "
-"discovery is enabled - for more information, refer to the <quote>SERVICE "
-"DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
-msgid ""
-"When using service discovery for KDC or kpasswd servers, SSSD first searches "
-"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-"none are found."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
-msgid ""
-"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
-"While the legacy name is recognized for the time being, users are advised to "
-"migrate their config files to use <quote>krb5_server</quote> instead."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
-msgid "krb5_realm (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
-msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
-msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
-msgid "krb5_canonicalize (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
-msgid ""
-"Specifies if the host principal should be canonicalized when connecting to "
-"LDAP server. This feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
-msgid "ldap_pwd_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
-msgid ""
-"Select the policy to evaluate the password expiration on the client side. "
-"The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
-msgid ""
-"<emphasis>none</emphasis> - No evaluation on the client side. This option "
-"cannot disable server-side password policies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
-msgid ""
-"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-"evaluate if the password has expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
-msgid ""
-"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
-"to determine if the password has expired. Use chpass_provider=krb5 to update "
-"these attributes when the password is changed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
-msgid "ldap_referrals (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
-msgid "Specifies whether automatic referral chasing should be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
-msgid ""
-"Please note that sssd only supports referral chasing when it is compiled "
-"with OpenLDAP version 2.4.13 or higher."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
-msgid "ldap_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
-msgid "Specifies the service name to use when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
-msgid "Default: ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
-msgid "ldap_chpass_dns_service_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
-msgid ""
-"Specifies the service name to use to find an LDAP server which allows "
-"password changes when service discovery is enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
-msgid "Default: not set, i.e. service discovery is disabled"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
-msgid "ldap_access_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
-msgid ""
-"If using access_provider = ldap, this option is mandatory. It specifies an "
-"LDAP search filter criteria that must be met for the user to be granted "
-"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
-msgid "Example:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
-#, no-wrap
-msgid ""
-"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
-msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
-msgid ""
-"Offline caching for this feature is limited to determining whether the "
-"user's last online login was granted access permission. If they were granted "
-"access during their last login, they will continue to be granted access "
-"while offline and vice-versa."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
-msgid "Default: Empty"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
-msgid "ldap_account_expire_policy (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
-msgid ""
-"With this option a client side evaluation of access control attributes can "
-"be enabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
-msgid ""
-"Please note that it is always recommended to use server side access control, "
-"i.e. the LDAP server should deny the bind request with a suitable error code "
-"even if the password is correct."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
-msgid "The following values are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
-msgid ""
-"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
-"determine if the account is expired."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
-msgid ""
-"<emphasis>ad</emphasis>: use the value of the 32bit field "
-"ldap_user_ad_user_account_control and allow access if the second bit is not "
-"set. If the attribute is missing access is granted. Also the expiration time "
-"of the account is checked."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
-msgid ""
-"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
-"emphasis>: use the value of ldap_ns_account_lock to check if access is "
-"allowed or not."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
-msgid ""
-"<emphasis>nds</emphasis>: the values of "
-"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
-"If both attributes are missing access is granted."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
-msgid "ldap_access_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
-msgid "Comma separated list of access control options. Allowed values are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
-msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
-msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
-msgid ""
-"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
-"to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
-msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
-msgid "Default: filter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
-msgid ""
-"Please note that it is a configuration error if a value is used more than "
-"once."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
-msgid "ldap_deref (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
-msgid ""
-"Specifies how alias dereferencing is done when performing a search. The "
-"following options are allowed:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
-msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
-msgid ""
-"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
-"the base object, but not in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
-msgid ""
-"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
-"the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
-msgid ""
-"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
-"in locating the base object of the search."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
-msgid ""
-"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
-"client libraries)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:51
-msgid ""
-"All of the common configuration options that apply to SSSD domains also "
-"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for full details. <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
-msgid "SUDO OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
-msgid "ldap_sudorule_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
-msgid "The object class of a sudo rule entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
-msgid "Default: sudoRole"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
-msgid "ldap_sudorule_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
-msgid "The LDAP attribute that corresponds to the sudo rule name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
-msgid "ldap_sudorule_command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
-msgid "The LDAP attribute that corresponds to the command name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
-msgid "Default: sudoCommand"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
-msgid "ldap_sudorule_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
-msgid ""
-"The LDAP attribute that corresponds to the host name (or host IP address, "
-"host IP network, or host netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
-msgid "Default: sudoHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
-msgid "ldap_sudorule_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
-msgid ""
-"The LDAP attribute that corresponds to the user name (or UID, group name or "
-"user's netgroup)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
-msgid "Default: sudoUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
-msgid "ldap_sudorule_option (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
-msgid "The LDAP attribute that corresponds to the sudo options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
-msgid "Default: sudoOption"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
-msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
-msgid ""
-"The LDAP attribute that corresponds to the user name that commands may be "
-"run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
-msgid "Default: sudoRunAsUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
-msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
-msgid ""
-"The LDAP attribute that corresponds to the group name or group GID that "
-"commands may be run as."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
-msgid "Default: sudoRunAsGroup"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
-msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
-msgid ""
-"The LDAP attribute that corresponds to the start date/time for when the sudo "
-"rule is valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
-msgid "Default: sudoNotBefore"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
-msgid "ldap_sudorule_notafter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
-msgid ""
-"The LDAP attribute that corresponds to the expiration date/time, after which "
-"the sudo rule will no longer be valid."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
-msgid "Default: sudoNotAfter"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
-msgid "ldap_sudorule_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
-msgid "The LDAP attribute that corresponds to the ordering index of the rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
-msgid "Default: sudoOrder"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
-msgid "ldap_sudo_refresh_enabled (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
-msgid ""
-"Enables periodical download of all sudo rules. The cache is purged before "
-"each update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
-msgid "ldap_sudo_refresh_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
-msgid ""
-"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
-msgid ""
-"This manual page only describes attribute name mapping. For detailed "
-"explanation of sudo related attribute sematics, see <citerefentry> "
-"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
-msgid "AUTOFS OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
-msgid ""
-"Please note that the default values correspond to the default schema which "
-"is RFC2307."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
-msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
-msgid "The object class of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
-msgid "Default: automountMap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
-msgid "ldap_autofs_map_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
-msgid "The name of an automount map entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
-msgid "Default: ou"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
-msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
-msgid "ldap_autofs_entry_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
-msgid ""
-"The key of an automount entry in LDAP. The entry usually corresponds to a "
-"mount point."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
-msgid "ldap_autofs_entry_value (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
-msgid "Default: automountInformation"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
-msgid ""
-"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
-"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
-"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
-msgid "ADVANCED OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
-msgid "ldap_netgroup_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
-msgid ""
-"An optional base DN to restrict netgroup searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
-msgid "ldap_user_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
-msgid "An optional base DN to restrict user searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
-msgid "ldap_group_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
-msgid "An optional base DN to restrict group searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
-msgid "ldap_sudo_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
-msgid ""
-"An optional base DN to restrict sudo rules searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
-msgid "ldap_autofs_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
-msgid ""
-"An optional base DN to restrict automounter searches to a specific subtree."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
-msgid ""
-"These options are supported by LDAP domains, but they should be used with "
-"caution. Please include them in your configuration only if you know what you "
-"are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
-msgid ""
-"The following example assumes that SSSD is correctly configured and LDAP is "
-"set to one of the domains in the <replaceable>[domains]</replaceable> "
-"section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
-#, no-wrap
-msgid ""
-" [domain/LDAP]\n"
-" id_provider = ldap\n"
-" auth_provider = ldap\n"
-" ldap_uri = ldap://ldap.mydomain.org\n"
-" ldap_search_base = dc=mydomain,dc=org\n"
-" ldap_tls_reqcert = demand\n"
-" cache_credentials = true\n"
-" enumerate = true\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
-msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
-msgid "NOTES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
-msgid ""
-"The descriptions of some of the configuration options in this manual page "
-"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
-"distribution."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <refentryinfo>
-#: pam_sss.8.xml:8 include/upstream.xml:2
-msgid ""
-"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
-"fedorahosted.org/sssd</orgname>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: pam_sss.8.xml:13 pam_sss.8.xml:18
-msgid "pam_sss"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: pam_sss.8.xml:19
-msgid "PAM module for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: pam_sss.8.xml:24
-msgid ""
-"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
-"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
-msgid ""
-"<command>pam_sss.so</command> is the PAM interface to the System Security "
-"Services daemon (SSSD). Errors and results are logged through <command>syslog"
-"(3)</command> with the LOG_AUTHPRIV facility."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
-msgid "<option>quiet</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
-msgid "Suppress log messages for unknown users."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
-msgid "<option>forward_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
-msgid ""
-"If <option>forward_pass</option> is set the entered password is put on the "
-"stack for other PAM modules to use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
-msgid "<option>use_first_pass</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
-msgid ""
-"The argument use_first_pass forces the module to use a previous stacked "
-"modules password and will never prompt the user - if no password is "
-"available or the password is not appropriate, the user will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
-msgid "<option>use_authtok</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
-msgid ""
-"When password changing enforce the module to set the new password to the one "
-"provided by a previously stacked password module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
-msgid "<option>retry=N</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
-msgid ""
-"If specified the user is asked another N times for a password if "
-"authentication fails. Default is 0."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
-msgid ""
-"Please note that this option might not work as expected if the application "
-"calling PAM handles the user dialog on its own. A typical example is "
-"<command>sshd</command> with <option>PasswordAuthentication</option>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
-msgid "MODULE TYPES PROVIDED"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
-msgid ""
-"All module types (<option>account</option>, <option>auth</option>, "
-"<option>password</option> and <option>session</option>) are provided."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
-msgid "FILES"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
-msgid ""
-"If a password reset by root fails, because the corresponding SSSD provider "
-"does not support password resets, an individual message can be displayed. "
-"This message can e.g. contain instructions about how to reset a password."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
-msgid ""
-"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
-"filename> where LOC stands for a locale string returned by <citerefentry> "
-"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
-"citerefentry>. If there is no matching file the content of "
-"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
-"the owner of the files and only root may have read and write permissions "
-"while all other users must have only read permissions."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
-msgid ""
-"These files are searched in the directory <filename>/etc/sssd/customize/"
-"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
-"displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:141
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
-msgid "sssd_krb5_locator_plugin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:22
-msgid ""
-"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
-"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
-"libraries what Realm and which KDC to use. Typically this is done in "
-"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
-"To simplify the configuration the Realm and the KDC can be defined in "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry> puts the Realm and the name or IP address of the KDC into "
-"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
-"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variables and returns them to the "
-"libraries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:63
-msgid ""
-"Not all Kerberos implementations support the use of plugins. If "
-"<command>sssd_krb5_locator_plugin</command> is not available on your system "
-"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:69
-msgid ""
-"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
-"debug messages will be sent to stderr."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd_krb5_locator_plugin.8.xml:77
-msgid ""
-"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
-msgid "sssd-simple"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd-simple.5.xml:17
-msgid "the configuration file for SSSD's 'simple' access-control provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:24
-msgid ""
-"This manual page describes the configuration of the simple access-control "
-"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
-"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:38
-msgid ""
-"The simple access provider grants or denies access based on an access or "
-"deny list of user or group names. The following rules apply:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:43
-msgid "If all lists are empty, access is granted"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:47
-msgid ""
-"If any list is provided, the order of evaluation is allow,deny. This means "
-"that any matching deny rule will supersede any matched allow rule."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:54
-msgid ""
-"If either or both \"allow\" lists are provided, all users are denied unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
-#: sssd-simple.5.xml:60
-msgid ""
-"If only \"deny\" lists are provided, all users are granted access unless "
-"they appear in the list."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:78
-msgid "simple_allow_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:81
-msgid "Comma separated list of users who are allowed to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:88
-msgid "simple_deny_users (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:91
-msgid "Comma separated list of users who are explicitly denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:97
-msgid "simple_allow_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:100
-msgid ""
-"Comma separated list of groups that are allowed to log in. This applies only "
-"to groups within this SSSD domain. Local groups are not evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-simple.5.xml:108
-msgid "simple_deny_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-simple.5.xml:111
-msgid ""
-"Comma separated list of groups that are explicitly denied access. This "
-"applies only to groups within this SSSD domain. Local groups are not "
-"evaluated."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
-msgid ""
-"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
-"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> manual page for details on the configuration of an SSSD "
-"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:120
-msgid ""
-"Please note that it is an configuration error if both, simple_allow_users "
-"and simple_deny_users, are defined."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:128
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the simple access provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-simple.5.xml:135
-#, no-wrap
-msgid ""
-" [domain/example.com]\n"
-" access_provider = simple\n"
-" simple_allow_users = user1, user2\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:145
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
-msgid "sssd-ipa"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:23
-msgid ""
-"This manual page describes the configuration of the IPA provider for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
-"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:36
-msgid ""
-"The IPA provider is a back end used to connect to an IPA server. (Refer to "
-"the freeipa.org web site for information about IPA servers.) This provider "
-"requires that the machine be joined to the IPA domain; configuration is "
-"almost entirely self-discovered and obtained directly from the server."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:43
-msgid ""
-"The IPA provider accepts the same options used by the <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
-"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider with some exceptions described below."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:55
-msgid ""
-"However, it is neither necessary nor recommended to set these options. IPA "
-"provider can also be used as an access and chpass provider. As an access "
-"provider it uses HBAC (host-based access control) rules. Please refer to "
-"freeipa.org for more information about HBAC. No configuration of access "
-"provider is required on the client side."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:72
-msgid "ipa_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:75
-msgid ""
-"Specifies the name of the IPA domain. This is optional. If not provided, "
-"the configuration domain name is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:83
-msgid "ipa_server (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:86
-msgid ""
-"The comma-separated list of IP addresses or hostnames of the IPA servers to "
-"which SSSD should connect in the order of preference. For more information "
-"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
-"This is optional if autodiscovery is enabled. For more information on "
-"service discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:99
-msgid "ipa_hostname (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:102
-msgid ""
-"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:110
-msgid "ipa_dyndns_update (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:113
-msgid ""
-"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:118
-msgid ""
-"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
-"the default Kerberos realm must be set properly in /etc/krb5.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:129
-msgid "ipa_dyndns_iface (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:132
-msgid ""
-"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
-"interface whose IP address should be used for dynamic DNS updates."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:137
-msgid "Default: Use the IP address of the IPA LDAP connection"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:143
-msgid "ipa_hbac_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:146
-msgid "Optional. Use the given string as search base for HBAC related objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:150
-msgid "Default: Use base DN"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:156
-msgid "ipa_host_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:159
-msgid "Optional. Use the given string as search base for host objects."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:180
-msgid "ipa_selinux_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
-msgid "Optional. Use the given string as search base for SELinux user maps."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
-msgid "krb5_validate (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
-msgid ""
-"Verify with the help of krb5_keytab that the TGT obtained has not been "
-"spoofed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
-msgid ""
-"Note that this default differs from the traditional Kerberos provider back "
-"end."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
-msgid ""
-"The name of the Kerberos realm. This is optional and defaults to the value "
-"of <quote>ipa_domain</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
-msgid ""
-"The name of the Kerberos realm has a special meaning in IPA - it is "
-"converted into the base DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
-msgid ""
-"Specifies if the host and user principal should be canonicalized when "
-"connecting to IPA LDAP and also for AS requests. This feature is available "
-"with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
-msgid "ipa_hbac_refresh (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
-msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
-msgid "Default: 5 (seconds)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
-msgid "ipa_hbac_treat_deny_as (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
-msgid ""
-"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
-"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
-"of FreeIPA will need to migrate their rules to use only the ALLOW rules. The "
-"client will support two modes of operation during this transition period:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
-msgid ""
-"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
-"users will be denied access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
-msgid ""
-"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
-"careful with this option, as it may result in opening unintended access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
-msgid "Default: DENY_ALL"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
-msgid "ipa_automount_location (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
-msgid "The automounter location this IPA client will be using"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Default: The location named \"default\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
-msgid ""
-"The following example assumes that SSSD is correctly configured and example."
-"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-"This examples shows only the ipa provider-specific options."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
-#, no-wrap
-msgid ""
-" [domain/example.com]\n"
-" id_provider = ipa\n"
-" ipa_server = ipaserver.example.com\n"
-" ipa_hostname = myhost.example.com\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sssd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.8.xml:10 sssd.8.xml:15
-msgid "sssd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.8.xml:16
-msgid "System Security Services Daemon"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sssd.8.xml:21
-msgid ""
-"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:31
-msgid ""
-"<command>SSSD</command> provides a set of daemons to manage access to remote "
-"directories and authentication mechanisms. It provides an NSS and PAM "
-"interface toward the system and a pluggable backend system to connect to "
-"multiple different account sources as well as D-Bus interface. It is also "
-"the basis to provide client auditing and policy services for projects like "
-"FreeIPA. It provides a more robust database to store local users as well as "
-"extended user data."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:46
-msgid ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:53
-msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:57
-msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:60
-msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:69
-msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:73
-msgid ""
-"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:76
-msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:85
-msgid "<option>-f</option>,<option>--debug-to-files</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:89
-msgid ""
-"Send the debug output to files instead of stderr. By default, the log files "
-"are stored in <filename>/var/log/sssd</filename> and there are separate log "
-"files for every SSSD service and domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:97
-msgid "<option>-D</option>,<option>--daemon</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:101
-msgid "Become a daemon after starting up."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:107
-msgid "<option>-i</option>,<option>--interactive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:111
-msgid "Run in the foreground, don't become a daemon."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>-c</option>,<option>--config</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
-"conf</filename>. For reference on the config file syntax and options, "
-"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:135
-msgid "<option>--version</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:139
-msgid "Print version number and exit."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:147
-msgid "Signals"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:150
-msgid "SIGTERM/SIGINT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:153
-msgid ""
-"Informs the SSSD to gracefully terminate all of its child processes and then "
-"shut down the monitor."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:159
-msgid "SIGHUP"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:162
-msgid ""
-"Tells the SSSD to stop writing to its current debug file descriptors and to "
-"close and reopen them. This is meant to facilitate log rolling with programs "
-"like logrotate."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
-msgid "SIGUSR1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
-msgid ""
-"Tells the SSSD to simulate offline operation for one minute. This is mostly "
-"useful for testing purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:179
-msgid "SIGUSR2"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:182
-msgid ""
-"Tells the SSSD to go online immediately. This is mostly useful for testing "
-"purposes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:193
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-msgid "sss_obfuscate"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_obfuscate.8.xml:16
-msgid "obfuscate a clear text password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_obfuscate.8.xml:21
-msgid ""
-"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
-"replaceable></arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:32
-msgid ""
-"<command>sss_obfuscate</command> converts a given password into human-"
-"unreadable format and places it into appropriate domain section of the SSSD "
-"config file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:37
-msgid ""
-"The cleartext password is read from standard input or entered "
-"interactively. The obfuscated password is put into "
-"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
-"<quote>ldap_default_authtok_type</quote> parameter is set to "
-"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more details on these parameters."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:49
-msgid ""
-"Please note that obfuscating the password provides <emphasis>no real "
-"security benefit</emphasis> as it is still possible for an attacker to "
-"reverse-engineer the password back. Using better authentication mechanisms "
-"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
-"advised."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:63
-msgid "<option>-s</option>,<option>--stdin</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:67
-msgid "The password to obfuscate will be read from standard input."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74
-msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:79
-msgid ""
-"The SSSD domain to use the password in. The default name is <quote>default</"
-"quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:86
-msgid ""
-"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:91
-msgid "Read the config file specified by the positional parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_obfuscate.8.xml:95
-msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_obfuscate.8.xml:105
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
-msgid "sss_useradd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_useradd.8.xml:16
-msgid "create a new user"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_useradd.8.xml:21
-msgid ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:32
-msgid ""
-"<command>sss_useradd</command> creates a new user account using the values "
-"specified on the command line plus the default values from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:43
-msgid ""
-"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:48
-msgid ""
-"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
-msgid ""
-"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
-msgid ""
-"Any text string describing the user. Often used as the field for the user's "
-"full name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
-msgid ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:72
-msgid ""
-"The home directory of the user account. The default is to append the "
-"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
-"that as the home directory. The base that is prepended before "
-"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
-"baseDirectory</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
-msgid ""
-"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:87
-msgid ""
-"The user's login shell. The default is currently <filename>/bin/bash</"
-"filename>. The default can be changed with <quote>user_defaults/"
-"defaultShell</quote> setting in sssd.conf."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:96
-msgid ""
-"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:101
-msgid "A list of existing groups this user is also a member of."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:107
-msgid "<option>-m</option>,<option>--create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:111
-msgid ""
-"Create the user's home directory if it does not exist. The files and "
-"directories contained in the skeleton directory (which can be defined with "
-"the -k option or in the config file) will be copied to the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:121
-msgid "<option>-M</option>,<option>--no-create-home</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:125
-msgid ""
-"Do not create the user's home directory. Overrides configuration settings."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:132
-msgid ""
-"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:137
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<command>sss_useradd</command>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:143
-msgid ""
-"This option is only valid if the <option>-m</option> (or <option>--create-"
-"home</option>) option is specified, or creation of home directories is set "
-"to TRUE in the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
-msgid ""
-"<option>-Z</option>,<option>--selinux-user</option> "
-"<replaceable>SELINUX_USER</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_useradd.8.xml:157
-msgid ""
-"The SELinux user for the user's login. If not specified, the system default "
-"will be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
-msgid "sssd-krb5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:23
-msgid ""
-"This manual page describes the configuration of the Kerberos 5 "
-"authentication backend for <citerefentry> <refentrytitle>sssd</"
-"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
-"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
-"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:36
-msgid ""
-"The Kerberos 5 authentication backend contains auth and chpass providers. It "
-"must be paired with identity provider in order to function properly (for "
-"example, id_provider = ldap). Some information required by the Kerberos 5 "
-"authentication backend must be provided by the identity provider, such as "
-"the user's Kerberos Principal Name (UPN). The configuration of the identity "
-"provider should have an entry to specify the UPN. Please refer to the man "
-"page for the applicable identity provider for details on how to configure "
-"this."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:47
-msgid ""
-"This backend also provides access control based on the .k5login file in the "
-"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
-"Please note that an empty .k5login file will deny all access to this user. "
-"To activate this feature use 'access_provider = krb5' in your sssd "
-"configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:55
-msgid ""
-"In the case where the UPN is not available in the identity backend "
-"<command>sssd</command> will construct a UPN using the format "
-"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:106
-msgid ""
-"The name of the Kerberos realm. This option is required and must be "
-"specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:113
-msgid "krb5_kpasswd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:116
-msgid ""
-"If the change password service is not running on the KDC alternative servers "
-"can be defined here. An optional port number (preceded by a colon) may be "
-"appended to the addresses or hostnames."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:122
-msgid ""
-"For more information on failover and server redundancy, see the "
-"<quote>FAILOVER</quote> section. Please note that even if there are no more "
-"kpasswd servers to try the back end is not switch to offline if "
-"authentication against the KDC is still possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:129
-msgid "Default: Use the KDC"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:135
-msgid "krb5_ccachedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:138
-msgid ""
-"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist it will be created. If %u, %U, %p or %h are used a "
-"private directory belonging to the user is created. Otherwise a public "
-"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry> for details) is created."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:151
-msgid "Default: /tmp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:157
-msgid "krb5_ccname_template (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:171
-msgid "login UID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:174
-msgid "%p"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:175
-msgid "principal name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:179
-msgid "%r"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:180
-msgid "realm name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:183
-msgid "%h"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:184
-msgid "home directory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:189
-msgid "value of krb5ccache_dir"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194
-msgid "%P"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "the process ID of the sssd client"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:160
-msgid ""
-"Location of the user's credential cache. Currently only file based "
-"credential caches are supported. In the template the following sequences are "
-"substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
-"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
-"way."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:209
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:215
-msgid "krb5_auth_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:218
-msgid ""
-"Timeout in seconds after an online authentication or change password request "
-"is aborted. If possible the authentication request is continued offline."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:241
-msgid "krb5_keytab (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:244
-msgid ""
-"The location of the keytab to use when validating credentials obtained from "
-"KDCs."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:248
-msgid "Default: /etc/krb5.keytab"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:254
-msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:257
-msgid ""
-"Store the password of the user if the provider is offline and use it to "
-"request a TGT when the provider gets online again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:262
-msgid ""
-"Please note that this feature currently only available on a Linux platform. "
-"Passwords stored in this way are kept in plaintext in the kernel keyring and "
-"are potentially accessible by the root user (with difficulty)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:275
-msgid "krb5_renewable_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:278
-msgid ""
-"Request a renewable ticket with a total lifetime given by an integer "
-"immediately followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
-msgid "<emphasis>s</emphasis> seconds"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
-msgid "<emphasis>m</emphasis> minutes"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
-msgid "<emphasis>h</emphasis> hours"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
-msgid "<emphasis>d</emphasis> days."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:295 sssd-krb5.5.xml:331
-msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:299
-msgid ""
-"Please note that it is not possible to mix units. If you want to set the "
-"renewable lifetime to one and a half hours please use '90m' instead of "
-"'1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:305
-msgid "Default: not set, i.e. the TGT is not renewable"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:311
-msgid "krb5_lifetime (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:314
-msgid ""
-"Request ticket with a with a lifetime given by an integer immediately "
-"followed by one of the following delimiters:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:335
-msgid ""
-"Please note that it is not possible to mix units. If you want to set the "
-"lifetime to one and a half hours please use '90m' instead of '1h30m'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:340
-msgid ""
-"Default: not set, i.e. the default ticket lifetime configured on the KDC."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:347
-msgid "krb5_renew_interval (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:350
-msgid ""
-"The time in seconds between two checks if the TGT should be renewed. TGTs "
-"are renewed if about half of their lifetime is exceeded."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:355
-msgid "If this option is not set or 0 the automatic renewal is disabled."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:365
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:368
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:373
-msgid ""
-"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
-"option at all."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
-msgid ""
-"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
-"continue without."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:381
-msgid ""
-"<emphasis>demand</emphasis> to use FAST, fail if the server does not require "
-"fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:385
-msgid "Default: not set, i.e. FAST is not used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:388
-msgid "Please note that a keytab is required to use fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:391
-msgid ""
-"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used with an older version using this option is a "
-"configuration error."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:400
-msgid "krb5_fast_principal (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:403
-msgid "Specifies the server principal to use for FAST."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:412
-msgid ""
-"Specifies if the host and user principal should be canonicalized. This "
-"feature is available with MIT Kerberos >= 1.7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:65
-msgid ""
-"If the auth-module krb5 is used in a SSSD domain, the following options must "
-"be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
-"SECTIONS</quote> for details on the configuration of a SSSD domain. "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:434
-msgid ""
-"The following example assumes that SSSD is correctly configured and FOO is "
-"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
-"example shows only configuration of Kerberos authentication, it does not "
-"include any identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:442
-#, no-wrap
-msgid ""
-" [domain/FOO]\n"
-" auth_provider = krb5\n"
-" krb5_server = 192.168.1.1\n"
-" krb5_realm = EXAMPLE.COM\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:453
-msgid ""
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
-msgid "sss_groupadd"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupadd.8.xml:16
-msgid "create a new group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupadd.8.xml:21
-msgid ""
-"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:32
-msgid ""
-"<command>sss_groupadd</command> creates a new group. These groups are "
-"compatible with POSIX groups, with the additional feature that they can "
-"contain other groups as members."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupadd.8.xml:43
-msgid ""
-"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupadd.8.xml:48
-msgid ""
-"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
-"not given, it is chosen automatically."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
-msgid "sss_userdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_userdel.8.xml:16
-msgid "delete a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_userdel.8.xml:21
-msgid ""
-"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:32
-msgid ""
-"<command>sss_userdel</command> deletes a user identified by login name "
-"<replaceable>LOGIN</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:44
-msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:48
-msgid ""
-"Files in the user's home directory will be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:56
-msgid "<option>-R</option>,<option>--no-remove</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:60
-msgid ""
-"Files in the user's home directory will NOT be removed along with the home "
-"directory itself and the user's mail spool. Overrides the configuration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:68
-msgid "<option>-f</option>,<option>--force</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:72
-msgid ""
-"This option forces <command>sss_userdel</command> to remove the user's home "
-"directory and mail spool, even if they are not owned by the specified user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_userdel.8.xml:80
-msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_userdel.8.xml:84
-msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
-msgid "sss_groupdel"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupdel.8.xml:16
-msgid "delete a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupdel.8.xml:21
-msgid ""
-"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:32
-msgid ""
-"<command>sss_groupdel</command> deletes a group identified by its name "
-"<replaceable>GROUP</replaceable> from the system."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
-msgid "sss_groupshow"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupshow.8.xml:16
-msgid "print properties of a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupshow.8.xml:21
-msgid ""
-"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:32
-msgid ""
-"<command>sss_groupshow</command> displays information about a group "
-"identified by its name <replaceable>GROUP</replaceable>. The information "
-"includes the group ID number, members of the group and the parent group."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupshow.8.xml:43
-msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupshow.8.xml:47
-msgid ""
-"Also print indirect group members in a tree-like hierarchy. Note that this "
-"also affects printing parent groups - without <option>R</option>, only the "
-"direct parent will be printed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
-msgid "sss_usermod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_usermod.8.xml:16
-msgid "modify a user account"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_usermod.8.xml:21
-msgid ""
-"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:32
-msgid ""
-"<command>sss_usermod</command> modifies the account specified by "
-"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
-"on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:60
-msgid "The home directory of the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:71
-msgid "The user's login shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:82
-msgid ""
-"Append this user to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:96
-msgid ""
-"Remove this user from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:103
-msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:107
-msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_usermod.8.xml:114
-msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:118
-msgid "Unlock the user account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_usermod.8.xml:129
-msgid "The SELinux user for the user's login."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/service_discovery.xml:2
-msgid "SERVICE DISCOVERY"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/service_discovery.xml:4
-msgid ""
-"The service discovery feature allows back ends to automatically find the "
-"appropriate servers to connect to using a special DNS query."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
-msgid "Configuration"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:11
-msgid ""
-"If no servers are specified, the back end automatically uses service "
-"discovery to try to find a server. Optionally, the user may choose to use "
-"both fixed server addresses and service discovery by inserting a special "
-"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
-"preference is maintained. This feature is useful if, for example, the user "
-"prefers to use service discovery whenever possible, and fall back to a "
-"specific server when no servers can be discovered using DNS."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:23
-msgid "The domain name"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:25
-msgid ""
-"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for more details."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:35
-msgid "The protocol"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:37
-msgid ""
-"The queries usually specify _tcp as the protocol. Exceptions are documented "
-"in respective option description."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:42
-msgid "See Also"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/service_discovery.xml:44
-msgid ""
-"For more information on the service discovery mechanism, refer to RFC 2782."
-msgstr ""
-
-#. type: Content of: outside any tag (error?)
-#: include/upstream.xml:1
-msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <refsect1><title>
-#: include/failover.xml:2
-msgid "FAILOVER"
-msgstr ""
-
-#. type: Content of: <refsect1><para>
-#: include/failover.xml:4
-msgid ""
-"The failover feature allows back ends to automatically switch to a different "
-"server if the primary server fails."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:8
-msgid "Failover Syntax"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:10
-msgid ""
-"The list of servers is given as a comma-separated list; any number of spaces "
-"is allowed around the comma. The servers are listed in order of preference. "
-"The list can contain any number of servers."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><title>
-#: include/failover.xml:17
-msgid "The Failover Mechanism"
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:19
-msgid ""
-"The failover mechanism distinguishes between a machine and a service. The "
-"back end first tries to resolve the hostname of a given machine; if this "
-"resolution attempt fails, the machine is considered offline. No further "
-"attempts are made to connect to this machine for any other service. If the "
-"resolution attempt succeeds, the back end tries to connect to a service on "
-"this machine. If the service connection attempt fails, then only this "
-"particular service is considered offline and the back end automatically "
-"switches over to the next service. The machine is still considered online "
-"and might still be tried for another service."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:32
-msgid ""
-"Further connection attempts are made to machines or services marked as "
-"offline after a specified period of time; this is currently hard coded to 30 "
-"seconds."
-msgstr ""
-
-#. type: Content of: <refsect1><refsect2><para>
-#: include/failover.xml:37
-msgid ""
-"If there are no more machines to try, the back end as a whole switches to "
-"offline mode, and then attempts to reconnect every 30 seconds."
-msgstr ""
-
-#. type: Content of: <varlistentry><term>
-#: include/param_help.xml:3
-msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
-
-#. type: Content of: <varlistentry><listitem><para>
-#: include/param_help.xml:7
-msgid "Display help message and exit."
-msgstr ""
diff --git a/src/man/po/bs.po b/src/man/po/bs.po
deleted file mode 100644
index 83a6a72d1..000000000
--- a/src/man/po/bs.po
+++ /dev/null
@@ -1,6315 +0,0 @@
-# SOME DESCRIPTIVE TITLE
-# Copyright (C) YEAR Red Hat
-# This file is distributed under the same license as the sssd-docs package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: SSSD\n"
-"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-02-07 09:17-0500\n"
-"PO-Revision-Date: 2010-12-23 15:35+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Bosnian (http://www.transifex.net/projects/p/fedora/team/"
-"bs/)\n"
-"Language: bs\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
-
-#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
-#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
-#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
-#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
-#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
-msgid "SSSD Manual pages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
-msgid "sss_groupmod"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
-#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
-#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
-#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
-msgid "8"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sss_groupmod.8.xml:16
-msgid "modify a group"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
-#: sss_groupmod.8.xml:21
-msgid ""
-"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
-"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
-"arg>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
-#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
-#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
-#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
-#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
-msgid "DESCRIPTION"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:32
-msgid ""
-"<command>sss_groupmod</command> modifies the group to reflect the changes "
-"that are specified on the command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
-#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
-#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-msgid "OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
-msgid ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:48
-msgid ""
-"Append this group to groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
-"a comma separated list of group names."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
-msgid ""
-"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
-"replaceable>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_groupmod.8.xml:62
-msgid ""
-"Remove this group from groups specified by the <replaceable>GROUPS</"
-"replaceable> parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096
-#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138
-msgid "SEE ALSO"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
-msgid ""
-"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
-msgid "sssd.conf"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
-msgid "5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
-msgid "File Formats and Conventions"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
-msgid "the configuration file for SSSD"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:21
-msgid "FILE FORMAT"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:29
-#, no-wrap
-msgid ""
-" <replaceable>[section]</replaceable>\n"
-" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
-" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:24
-msgid ""
-"The file has an ini-style syntax and consists of sections and parameters. A "
-"section begins with the name of the section in square brackets and continues "
-"until the next section begins. An example of section with single and multi-"
-"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:36
-msgid ""
-"The data types used are string (no quotes needed), integer and bool (with "
-"values of <quote>TRUE/FALSE</quote>)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:41
-msgid ""
-"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
-"(<quote>;</quote>)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:46
-msgid ""
-"All sections can have an optional <replaceable>description</replaceable> "
-"parameter. Its function is only as a label for the section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:52
-msgid ""
-"<filename>sssd.conf</filename> must be a regular file, owned by root and "
-"only root may read from or write to the file."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:58
-msgid "SPECIAL SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:61
-msgid "The [sssd] section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177
-msgid "Section parameters"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:72
-msgid "config_file_version (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:75
-msgid ""
-"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-"version 2."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:81
-msgid "services"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:84
-msgid ""
-"Comma separated list of services that are started when sssd itself starts."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:88
-msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
-msgid "reconnection_retries (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
-msgid ""
-"Number of times services should attempt to reconnect in the event of a Data "
-"Provider crash or restart before they give up"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
-msgid "Default: 3"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
-msgid "domains"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
-msgid ""
-"A domain is a database containing user information. SSSD can use more "
-"domains at the same time, but at least one must be configured or SSSD won't "
-"start. This parameter described the list of domains in the order you want "
-"them to be queried."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
-msgid "re_expression (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
-msgid ""
-"Regular expression that describes how to parse the string containing user "
-"name and domain into these components."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
-msgid ""
-"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
-"which translates to \"the name is everything up to the <quote>@</quote> "
-"sign, the domain everything after that\""
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
-msgid ""
-"PLEASE NOTE: the support for non-unique named subpatterns is not available "
-"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
-"version 7 or higher can support non-unique named subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
-msgid ""
-"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
-"P&lt;name&gt;) to label subpatterns."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
-msgid "full_name_format (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
-msgid ""
-"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
-"manvolnum> </citerefentry>-compatible format that describes how to translate "
-"a (name, domain) tuple into a fully qualified name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
-msgid "Default: <quote>%1$s@%2$s</quote>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
-msgid "try_inotify (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
-msgid ""
-"SSSD monitors the state of resolv.conf to identify when it needs to update "
-"its internal DNS resolver. By default, we will attempt to use inotify for "
-"this, and will fall back to polling resolv.conf every five seconds if "
-"inotify cannot be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
-msgid ""
-"There are some limited situations where it is preferred that we should skip "
-"even trying to use inotify. In these rare cases, this option should be set "
-"to 'false'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
-msgid ""
-"Default: true on platforms where inotify is supported. False on other "
-"platforms."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
-msgid ""
-"Note: this option will have no effect on platforms where inotify is "
-"unavailable. On these platforms, polling will always be used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
-msgid "krb5_rcache_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
-msgid ""
-"Directory on the filesystem where SSSD should store Kerberos replay cache "
-"files."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
-msgid ""
-"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
-"SSSD to let libkrb5 decide the appropriate location for the replay cache."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
-msgid ""
-"Default: Distribution-specific and specified at build-time. "
-"(__LIBKRB5_DEFAULTS__ if not configured)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:63
-msgid ""
-"Individual pieces of SSSD functionality are provided by special SSSD "
-"services that are started and stopped together with SSSD. The services are "
-"managed by a special service frequently called <quote>monitor</quote>. The "
-"<quote>[sssd]</quote> section is used to configure the monitor as well as "
-"some other important options like the identity domains. <placeholder type="
-"\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
-msgid "SERVICES SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
-msgid ""
-"Settings that can be used to configure different services are described in "
-"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
-"section, for example, for NSS service, the section would be <quote>[nss]</"
-"quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
-msgid "General service configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
-msgid "These options can be used to configure any service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "command (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:281
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:289
-msgid "NSS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:291
-msgid ""
-"These options can be used to configure the Name Service Switch (NSS) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:296
-msgid "enum_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:299
-msgid ""
-"How many seconds should nss_sss cache enumerations (requests for info about "
-"all users)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303
-msgid "Default: 120"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "entry_cache_nowait_percentage (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"The entry cache can be set to automatically update entries in the background "
-"if they are requested beyond a percentage of the entry_cache_timeout value "
-"for the domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:317
-msgid ""
-"For example, if the domain's entry_cache_timeout is set to 30s and "
-"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
-"after 15 seconds past the last cache update will be returned immediately, "
-"but the SSSD will go and update the cache on its own, so that future "
-"requests will not need to block waiting for a cache update."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:327
-msgid ""
-"Valid values for this option are 0-99 and represent a percentage of the "
-"entry_cache_timeout for each domain. For performance reasons, this "
-"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
-"disables this feature)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:335
-msgid "Default: 50"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:340
-msgid "entry_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:343
-msgid ""
-"Specifies for how many seconds nss_sss should cache negative cache hits "
-"(that is, queries for invalid database entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223
-msgid "Default: 15"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:354
-msgid "filter_users, filter_groups (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:357
-msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
-msgid "Default: root"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:369
-msgid "filter_users_in_groups (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:372
-msgid ""
-"If you want filtered user still be group members set this option to false."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:381
-msgid "override_homedir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166
-msgid "%u"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167
-msgid "login name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170
-msgid "%U"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
-msgid "UID number"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188
-msgid "%d"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
-msgid "domain name"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:402
-msgid "%f"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:403
-msgid "fully qualified user name (user@domain)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200
-msgid "%%"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201
-msgid "a literal '%'"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:384
-msgid ""
-"Override the user's home directory. You can either provide an absolute value "
-"or a template. In the template, the following sequences are substituted: "
-"<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
-msgid "This option can also be set per-domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:418
-msgid "allowed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:421
-msgid ""
-"Restrict user shell to one of the listed values. The order of evaluation is:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424
-msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:428
-msgid ""
-"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
-"quote>, use the value of the shell_fallback parameter."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:433
-msgid ""
-"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
-"shells</quote>, a nologin shell is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
-msgid "An empty string for shell is passed as-is to libc."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
-msgid ""
-"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
-"that a restart of the SSSD is required in case a new shell is installed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
-msgid "Default: Not set. The user shell is automatically used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
-msgid "vetoed_shells (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
-msgid "Replace any instance of these shells with the shell_fallback"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:458
-msgid "shell_fallback (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
-msgid ""
-"The default shell to use if an allowed shell is not installed on the machine."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:465
-msgid "Default: /bin/sh"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:472
-msgid "PAM configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:474
-msgid ""
-"These options can be used to configure the Pluggable Authentication Module "
-"(PAM) service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:479
-msgid "offline_credentials_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
-msgid ""
-"If the authentication provider is offline, how long should we allow cached "
-"logins (in days since the last successful online login)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:487 sssd.conf.5.xml:500
-msgid "Default: 0 (No limit)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:493
-msgid "offline_failed_login_attempts (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
-msgid ""
-"If the authentication provider is offline, how many failed login attempts "
-"are allowed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:506
-msgid "offline_failed_login_delay (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:509
-msgid ""
-"The time in minutes which has to pass after offline_failed_login_attempts "
-"has been reached before a new login attempt is possible."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:514
-msgid ""
-"If set to 0 the user cannot authenticate offline if "
-"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable offline authentication again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093
-msgid "Default: 5"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:526
-msgid "pam_verbosity (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:529
-msgid ""
-"Controls what kind of messages are shown to the user during authentication. "
-"The higher the number to more messages are displayed."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:534
-msgid "Currently sssd supports the following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537
-msgid "<emphasis>0</emphasis>: do not show any message"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
-msgid "<emphasis>1</emphasis>: show only important messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:544
-msgid "<emphasis>2</emphasis>: show informational messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547
-msgid "<emphasis>3</emphasis>: show all messages and debug information"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551 sssd.8.xml:63
-msgid "Default: 1"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
-msgid "pam_id_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
-msgid ""
-"For any PAM request while SSSD is online, the SSSD will attempt to "
-"immediately update the cached identity information for the user in order to "
-"ensure that authentication takes place with the latest information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:565
-msgid ""
-"A complete PAM conversation may perform multiple PAM requests, such as "
-"account management and session opening. This option controls (on a per-"
-"client-application basis) how long (in seconds) we can cache the identity "
-"information to avoid excessive round-trips to the identity provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:579
-msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
-msgid "Display a warning N days before the password expires."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:585
-msgid ""
-"Please note that the backend server has to provide information about the "
-"expiration time of the password. If this information is missing, sssd "
-"cannot display a warning."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:591
-msgid "Default: 7"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:599
-msgid "SUDO configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:601
-msgid "These options can be used to configure the sudo service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:608
-msgid "sudo_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:611
-msgid ""
-"For any sudo request that comes while SSSD is online, the SSSD will attempt "
-"to update the cached rules in order to ensure that sudo has the latest "
-"ruleset."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
-msgid ""
-"The user may, however, run a couple of sudo commands successively, which "
-"would trigger multiple LDAP requests. In order to speed up this use-case, "
-"the sudo service maintains an in-memory cache that would be used for "
-"performing fast replies."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:624
-msgid ""
-"This option controls how long (in seconds) can the sudo service cache rules "
-"for a user."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
-msgid "Default: 180"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:633
-msgid "sudo_timed (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:636
-msgid ""
-"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
-"that implement time-dependent sudoers entries."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:649
-msgid "AUTOFS configuration options"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:651
-msgid "These options can be used to configure the autofs service."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:659
-msgid "autofs_negative_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:662
-msgid ""
-"Specifies for how many seconds should the autofs respondercache negative "
-"cache hits (that is, queries for invalid map entries, like nonexistent ones) "
-"before asking the back end again."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:679
-msgid "DOMAIN SECTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:686
-msgid "min_id,max_id (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689
-msgid ""
-"UID and GID limits for the domain. If a domain contains an entry that is "
-"outside these limits, it is ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:694
-msgid ""
-"For users, this affects the primary GID limit. The user will not be returned "
-"to NSS if either the UID or the primary GID is outside the range. For non-"
-"primary group memberships, those that are in range will be reported as "
-"expected."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:701
-msgid "Default: 1 for min_id, 0 (no limit) for max_id"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:707
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:710
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:721
-msgid "enumerate (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:724
-msgid ""
-"Determines if a domain can be enumerated. This parameter can have one of the "
-"following values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:728
-msgid "TRUE = Users and groups are enumerated"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:731
-msgid "FALSE = No enumerations for this domain"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893
-msgid "Default: FALSE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:737
-msgid ""
-"Note: Enabling enumeration has a moderate performance impact on SSSD while "
-"enumeration is running. It may take up to several minutes after SSSD startup "
-"to fully complete enumerations. During this time, individual requests for "
-"information will go directly to LDAP, though it may be slow, due to the "
-"heavy enumeration processing."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:747
-msgid ""
-"While the first enumeration is running, requests for the complete user or "
-"group lists may return no results until it completes."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:752
-msgid ""
-"Further, enabling enumeration may increase the time necessary to detect "
-"network disconnection, as longer timeouts are required to ensure that "
-"enumeration lookups are completed successfully. For more information, refer "
-"to the man pages for the specific id_provider in use."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:763
-msgid "entry_cache_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:766
-msgid ""
-"How many seconds should nss_sss consider entries valid before asking the "
-"backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:770
-msgid "Default: 5400"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:776
-msgid "entry_cache_user_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:779
-msgid ""
-"How many seconds should nss_sss consider user entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809
-#: sssd.conf.5.xml:822
-msgid "Default: entry_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:789
-msgid "entry_cache_group_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:792
-msgid ""
-"How many seconds should nss_sss consider group entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
-msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
-msgid ""
-"How many seconds should nss_sss consider netgroup entries valid before "
-"asking the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
-msgid "entry_cache_service_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
-msgid ""
-"How many seconds should nss_sss consider service entries valid before asking "
-"the backend again"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:828
-msgid "cache_credentials (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
-msgid "Determines if user credentials are also cached in the local LDB cache"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
-msgid "User credentials are stored in a SHA512 hash, not in plaintext"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
-msgid "account_cache_expiration (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
-msgid ""
-"Number of days entries are left in cache after last successful login before "
-"being removed during a cleanup of the cache. 0 means keep forever. The "
-"value of this parameter must be greater than or equal to "
-"offline_credentials_expiration."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854
-msgid "Default: 0 (unlimited)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:860
-msgid "id_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:863
-msgid "The Data Provider identity backend to use for this domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:867
-msgid "Supported backends:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:870
-msgid "proxy: Support a legacy NSS provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:873
-msgid "local: SSSD internal local provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:876
-msgid "ldap: LDAP provider"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:882
-msgid "use_fully_qualified_names (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:885
-msgid ""
-"If set to TRUE, all requests to this domain must use fully qualified names. "
-"For example, if used in LOCAL domain that contains a \"test\" user, "
-"<command>getent passwd test</command> wouldn't find the user while "
-"<command>getent passwd test@LOCAL</command> would."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:898
-msgid "auth_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:901
-msgid ""
-"The authentication provider used for the domain. Supported auth providers "
-"are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
-msgid ""
-"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
-msgid ""
-"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:919
-msgid ""
-"<quote>proxy</quote> for relaying authentication to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
-msgid "<quote>none</quote> disables authentication explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:925
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"authentication requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:931
-msgid "access_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
-msgid ""
-"The access control provider used for the domain. There are two built-in "
-"access providers (in addition to any included in installed backends) "
-"Internal special providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
-msgid "<quote>permit</quote> always allow access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
-msgid "<quote>deny</quote> always deny access."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:946
-msgid ""
-"<quote>simple</quote> access control based on access or deny lists. See "
-"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry> for more information on configuring the simple "
-"access module."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:953
-msgid "Default: <quote>permit</quote>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:958
-msgid "chpass_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
-msgid ""
-"The provider which should handle change password operations for the domain. "
-"Supported change password providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:966
-msgid ""
-"<quote>ipa</quote> to change a password stored in an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
-msgid ""
-"<quote>ldap</quote> to change a password stored in a LDAP server. See "
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:982
-msgid ""
-"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
-"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring Kerberos."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:990
-msgid ""
-"<quote>proxy</quote> for relaying password changes to some other PAM target."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:994
-msgid "<quote>none</quote> disallows password changes explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997
-msgid ""
-"Default: <quote>auth_provider</quote> is used if it is set and can handle "
-"change password requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1004
-msgid "sudo_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1010
-msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
-msgid ""
-"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
-"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry> for more information on configuring LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1021
-msgid "<quote>none</quote> disables SUDO explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1024
-msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1030
-msgid "session_provider (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1033
-msgid ""
-"The provider which should handle loading of session settings. Supported "
-"session providers are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
-msgid ""
-"<quote>ipa</quote> to load session settings from an IPA server. See "
-"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> for more information on configuring IPA."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1046
-msgid "<quote>none</quote> disallows fetching session settings explicitly."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
-msgid ""
-"Default: <quote>id_provider</quote> is used if it is set and can handle "
-"session loading requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1056
-msgid "lookup_family_order (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1059
-msgid ""
-"Provides the ability to select preferred address family to use when "
-"performing DNS lookups."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
-msgid "Supported values:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
-msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
-msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1072
-msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
-msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
-msgid "Default: ipv4_first"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1084
-msgid "dns_resolver_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
-msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1099
-msgid "dns_discovery_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1102
-msgid ""
-"If service discovery is used in the back end, specifies the domain part of "
-"the service discovery DNS query."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
-msgid "Default: Use the domain part of machine's hostname"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
-msgid "override_gid (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
-msgid "Override the primary GID value with the one specified."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1121
-msgid "case_sensitive (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124
-msgid ""
-"Treat user and group names as case sensitive. At the moment, this option is "
-"not supported in the local provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1129
-msgid "Default: True"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:681
-msgid ""
-"These configuration options can be present in a domain configuration "
-"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
-"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
-msgid "proxy_pam_target (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
-msgid "The proxy target PAM proxies to."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1147
-msgid ""
-"Default: not set by default, you have to take an existing pam configuration "
-"or create a new one and add the service name here."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1155
-msgid "proxy_lib_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1158
-msgid ""
-"The name of the NSS library to use in proxy domains. The NSS functions "
-"searched for in the library are in the form of _nss_$(libName)_$(function), "
-"for example _nss_files_getpwent."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1137
-msgid ""
-"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
-"\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1170
-msgid "The local domain section"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1172
-msgid ""
-"This section contains settings for domain that stores users and groups in "
-"SSSD native database, that is, a domain that uses "
-"<replaceable>id_provider=local</replaceable>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1179
-msgid "default_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1182
-msgid "The default shell for users created with SSSD userspace tools."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1186
-msgid "Default: <filename>/bin/bash</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1191
-msgid "base_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1194
-msgid ""
-"The tools append the login name to <replaceable>base_directory</replaceable> "
-"and use that as the home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
-msgid "Default: <filename>/home</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1204
-msgid "create_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207
-msgid ""
-"Indicate if a home directory should be created by default for new users. "
-"Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223
-msgid "Default: TRUE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1216
-msgid "remove_homedir (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1219
-msgid ""
-"Indicate if a home directory should be removed by default for deleted "
-"users. Can be overridden on command line."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1228
-msgid "homedir_umask (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
-msgid ""
-"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
-"on a newly created home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1239
-msgid "Default: 077"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1244
-msgid "skel_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1247
-msgid ""
-"The skeleton directory, which contains files and directories to be copied in "
-"the user's home directory, when the home directory is created by "
-"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1257
-msgid "Default: <filename>/etc/skel</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1262
-msgid "mail_dir (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1265
-msgid ""
-"The mail spool directory. This is needed to manipulate the mailbox when its "
-"corresponding user account is modified or deleted. If not specified, a "
-"default value is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1272
-msgid "Default: <filename>/var/mail</filename>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1277
-msgid "userdel_cmd (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1280
-msgid ""
-"The command that is run after a user is removed. The command us passed the "
-"username of the user being removed as the first and only parameter. The "
-"return code of the command is not taken into account."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
-msgid "Default: None, no command is run"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
-msgid "EXAMPLE"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1302
-#, no-wrap
-msgid ""
-"[sssd]\n"
-"domains = LDAP\n"
-"services = nss, pam\n"
-"config_file_version = 2\n"
-"\n"
-"[nss]\n"
-"filter_groups = root\n"
-"filter_users = root\n"
-"\n"
-"[pam]\n"
-"\n"
-"[domain/LDAP]\n"
-"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
-"\n"
-"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
-"cache_credentials = true\n"
-"\n"
-"min_id = 10000\n"
-"max_id = 20000\n"
-"enumerate = False\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1298
-msgid ""
-"The following example shows a typical SSSD config. It does not describe "
-"configuration of the domains themselves - refer to documentation on "
-"configuring domains for more details. <placeholder type=\"programlisting\" "
-"id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1333
-msgid ""
-"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
-"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
-"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
-msgid "sssd-ldap"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:23
-msgid ""
-"This manual page describes the configuration of LDAP domains for "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
-"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> manual page for detailed syntax information."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:35
-msgid "You can configure SSSD to use more than one LDAP domain."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:38
-msgid ""
-"LDAP back end supports id, auth, access and chpass providers. If you want to "
-"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
-"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
-"over an unencrypted channel. If the LDAP server is used only as an identity "
-"provider, an encrypted channel is not needed. Please refer to "
-"<quote>ldap_access_filter</quote> config option for more information about "
-"using LDAP as an access provider."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
-#: sssd-krb5.5.xml:63
-msgid "CONFIGURATION OPTIONS"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:60
-msgid "ldap_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:63
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference. Refer to the <quote>FAILOVER</"
-"quote> section for more information on failover and server redundancy. If "
-"not specified, service discovery is enabled. For more information, refer to "
-"the <quote>SERVICE DISCOVERY</quote> section."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
-msgid "The format of the URI must match the format defined in RFC 2732:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:73
-msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:76
-msgid ""
-"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:79
-msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:85
-msgid "ldap_chpass_uri (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:88
-msgid ""
-"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
-"should connect in the order of preference to change the password of a user. "
-"Refer to the <quote>FAILOVER</quote> section for more information on "
-"failover and server redundancy."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:95
-msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:99
-msgid "Default: empty, i.e. ldap_uri is used."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:105
-msgid "ldap_search_base (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:108
-msgid "The default base DN to use for performing LDAP user operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:112
-msgid ""
-"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
-"syntax:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:116
-msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:119
-msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
-msgid ""
-"The filter must be a valid LDAP search filter as specified by http://www."
-"ietf.org/rfc/rfc2254.txt"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
-msgid "Examples:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:129
-msgid ""
-"ldap_search_base = dc=example,dc=com (which is equivalent to) "
-"ldap_search_base = dc=example,dc=com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:134
-msgid ""
-"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
-"(host=thishost)?dc=example.com?subtree?"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:137
-msgid ""
-"Note: It is unsupported to have multiple search bases which reference "
-"identically-named objects (for example, groups with the same name in two "
-"different search bases). This will lead to unpredictable behavior on client "
-"machines."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:144
-msgid ""
-"Default: If not set, the value of the defaultNamingContext or namingContexts "
-"attribute from the RootDSE of the LDAP server is used. If "
-"defaultNamingContext does not exists or has an empty value namingContexts is "
-"used. The namingContexts attribute must have a single value with the DN of "
-"the search base of the LDAP server to make this work. Multiple values are "
-"are not supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:158
-msgid "ldap_schema (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:161
-msgid ""
-"Specifies the Schema Type in use on the target LDAP server. Depending on "
-"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
-"difference between these schema types is how group memberships are recorded "
-"in the server. With rfc2307, group members are listed by name in the "
-"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
-"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
-msgid "Default: rfc2307"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
-msgid "ldap_default_bind_dn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
-msgid "The default bind DN to use for performing LDAP operations."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
-msgid "ldap_default_authtok_type (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
-msgid "The type of the authentication token of the default bind DN."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
-msgid "The two mechanisms currently supported are:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
-msgid "password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
-msgid "obfuscated_password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
-msgid "Default: password"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
-msgid "ldap_default_authtok (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
-msgid ""
-"The authentication token of the default bind DN. Only clear text passwords "
-"are currently supported."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
-msgid "ldap_user_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
-msgid "The object class of a user entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
-msgid "Default: posixAccount"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
-msgid "ldap_user_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
-msgid "The LDAP attribute that corresponds to the user's login name."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
-msgid "Default: uid"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
-msgid "ldap_user_uid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
-msgid "The LDAP attribute that corresponds to the user's id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
-msgid "Default: uidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
-msgid "ldap_user_gid_number (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
-msgid "The LDAP attribute that corresponds to the user's primary group id."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
-msgid "Default: gidNumber"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
-msgid "ldap_user_gecos (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
-msgid "The LDAP attribute that corresponds to the user's gecos field."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
-msgid "Default: gecos"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
-msgid "ldap_user_home_directory (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
-msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
-msgid "Default: homeDirectory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
-msgid "ldap_user_shell (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
-msgid "The LDAP attribute that contains the path to the user's default shell."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
-msgid "Default: loginShell"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
-msgid "ldap_user_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
-msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
-msgid "Default: nsUniqueId"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
-msgid "ldap_user_modify_timestamp (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
-msgid ""
-"The LDAP attribute that contains timestamp of the last modification of the "
-"parent object."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
-msgid "Default: modifyTimestamp"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
-msgid "ldap_user_shadow_last_change (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
-"the last password change)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
-msgid "Default: shadowLastChange"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
-msgid "ldap_user_shadow_min (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
-msgid "Default: shadowMin"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
-msgid "ldap_user_shadow_max (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
-"password age)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
-msgid "Default: shadowMax"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
-msgid "ldap_user_shadow_warning (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
-msgid ""
-"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
-"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
-"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
-"(password warning period)."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
-msgid "Default: shadowWarning"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
-msgid "ldap_user_shadow_inactive (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem&