summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/man/po/br.po457
-rw-r--r--src/man/po/ca.po487
-rw-r--r--src/man/po/cs.po455
-rw-r--r--src/man/po/de.po480
-rw-r--r--src/man/po/es.po473
-rw-r--r--src/man/po/eu.po455
-rw-r--r--src/man/po/fr.po480
-rw-r--r--src/man/po/ja.po480
-rw-r--r--src/man/po/lv.po455
-rw-r--r--src/man/po/nl.po457
-rw-r--r--src/man/po/pt.po457
-rw-r--r--src/man/po/ru.po455
-rw-r--r--src/man/po/sssd-docs.pot444
-rw-r--r--src/man/po/tg.po455
-rw-r--r--src/man/po/uk.po480
-rw-r--r--src/man/po/zh_CN.po490
16 files changed, 3956 insertions, 3504 deletions
diff --git a/src/man/po/br.po b/src/man/po/br.po
index 8b545fa92..4e848456b 100644
--- a/src/man/po/br.po
+++ b/src/man/po/br.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
@@ -86,7 +86,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "DIBARZHIOÙ"
@@ -233,8 +233,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "Dre ziouer : true"
@@ -254,7 +254,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr ""
@@ -362,7 +362,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -549,8 +549,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1702,7 +1702,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2626,7 +2626,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
@@ -3502,7 +3502,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4258,7 +4258,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4419,7 +4419,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr ""
@@ -4457,7 +4457,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4472,7 +4472,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5403,7 +5403,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5438,7 +5438,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
@@ -5948,7 +5948,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5963,7 +5963,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5978,12 +5978,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6004,19 +6004,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6024,22 +6029,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6051,12 +6056,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6064,174 +6069,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6239,24 +6244,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6264,19 +6269,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6284,37 +6289,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6322,17 +6327,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6340,12 +6345,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6354,209 +6359,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6566,19 +6571,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6586,7 +6591,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6598,7 +6603,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6606,7 +6611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6846,17 +6851,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "ad_site (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -6865,7 +6884,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6874,12 +6893,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6889,14 +6908,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6909,23 +6928,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6933,17 +6952,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -6951,12 +6970,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -6964,7 +6983,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -6972,7 +6991,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -6980,7 +6999,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -6992,53 +7011,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7046,7 +7065,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7054,7 +7073,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7062,7 +7081,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7074,17 +7093,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7092,7 +7111,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7100,7 +7119,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7112,22 +7131,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7135,7 +7154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7143,7 +7162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7155,17 +7174,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7173,7 +7192,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7181,7 +7200,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7192,19 +7211,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7212,7 +7231,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7224,29 +7243,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7254,12 +7278,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7272,52 +7296,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7328,34 +7352,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7363,7 +7387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7378,7 +7402,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7387,7 +7411,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7395,7 +7419,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7862,7 +7886,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9470,7 +9494,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9478,19 +9504,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9501,18 +9528,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index 2df224d6c..c18836c5a 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -9,13 +9,14 @@
# muzzol <muzzol@gmail.com>, 2012
# muzzol <muzzol@gmail.com>, 2012
# Robert Antoni Buj i Gelonch, 2013
+# Robert Antoni Buj Gelonch <robert.buj@gmail.com>, 2015. #zanata
msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
-"PO-Revision-Date: 2014-06-04 02:04-0400\n"
-"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
+"PO-Revision-Date: 2015-01-31 02:07-0500\n"
+"Last-Translator: Robert Antoni Buj Gelonch <robert.buj@gmail.com>\n"
"Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
"ca/)\n"
"Language: ca\n"
@@ -92,7 +93,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPCIONS"
@@ -261,8 +262,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "Per defecte: true"
@@ -282,7 +283,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "Per defecte: false"
@@ -396,7 +397,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -596,8 +597,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1824,7 +1825,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2832,7 +2833,7 @@ msgstr "Per defecte: Cap, no s'executa cap comanda"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLE"
@@ -3779,7 +3780,7 @@ msgid ""
"with no members and users who have never logged in) and remove them to save "
"space."
msgstr ""
-"Determina la freqüència en comprovar la memòria cau per a entrades inactives "
+"Determina cada quant es comprova la memòria cau per entrades inactives "
"(grups sense membres i usuaris que mai no han iniciat una sessió) i eliminar-"
"los per estalviar espai."
@@ -3806,7 +3807,7 @@ msgstr "L'atribut LDAP que correspon al nom complet de l'usuari."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr "Per defecte: cn"
@@ -4607,20 +4608,11 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
-#, fuzzy
-#| msgid ""
-#| "<quote>ldap</quote> to change a password stored in a LDAP server. See "
-#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-#| "manvolnum> </citerefentry> for more information on configuring LDAP."
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
-"<quote>ldap</quote> per canviar una contrasenya emmagatzemada en un servidor "
-"LDAP. Vegeu <citerefentry><refentrytitle>sssd-ldap</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre "
-"configuració d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:1492
@@ -4787,7 +4779,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el temps de vida en segons de la TGT si s'utilitza GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr "Per defecte: 86400 (24 hores)"
@@ -4832,7 +4824,7 @@ msgstr ""
"<quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
@@ -4849,7 +4841,7 @@ msgstr ""
"krb5.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5843,7 +5835,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -5886,7 +5878,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTES"
@@ -6482,7 +6474,7 @@ msgstr ""
"complet utilitzat en el domini d'IPA per identificar aquest amfitrió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6497,7 +6489,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6512,12 +6504,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6538,19 +6530,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6558,22 +6555,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6585,12 +6582,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6598,146 +6595,146 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -6746,7 +6743,7 @@ msgstr ""
"suplantada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6755,21 +6752,21 @@ msgstr ""
"proveïdor Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6777,24 +6774,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6802,19 +6799,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6822,39 +6819,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
#, fuzzy
#| msgid "krb5_realm (string)"
msgid "krb5_confd_path (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6862,17 +6859,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6880,12 +6877,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6894,209 +6891,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -7106,19 +7103,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7126,7 +7123,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -7138,7 +7135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7150,7 +7147,7 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -7394,17 +7391,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ipa_hostname (string)"
+msgid "ad_site (string)"
+msgstr "ipa_hostname (cadeba)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7413,7 +7424,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7422,12 +7433,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7437,14 +7448,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7457,23 +7468,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7481,17 +7492,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7499,12 +7510,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7512,7 +7523,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -7520,7 +7531,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7528,7 +7539,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7540,53 +7551,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7594,7 +7605,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7602,7 +7613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7610,7 +7621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7622,17 +7633,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7640,7 +7651,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7648,7 +7659,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7660,22 +7671,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7683,7 +7694,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7691,7 +7702,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7703,17 +7714,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7721,7 +7732,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7729,7 +7740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7740,19 +7751,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7760,7 +7771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7772,29 +7783,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7802,12 +7818,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7820,52 +7836,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7876,34 +7892,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7911,7 +7927,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7926,7 +7942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7935,7 +7951,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7943,7 +7959,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -8445,7 +8461,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "La contrasenya per ofuscar es llegirà de l'entrada estàndard."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -10093,27 +10109,44 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:51
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of LDAP domains for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
+#| "information."
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
+"Aquesta pàgina del manual descriu la configuració de dominis LDAP per a "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</quote> de la "
+"pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> per obtenir informació detallada de "
+"la sintaxi."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10124,18 +10157,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index b9af27d38..33b0358c2 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/"
@@ -83,7 +83,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "VOLBY"
@@ -228,8 +228,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr ""
@@ -249,7 +249,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr ""
@@ -357,7 +357,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -542,8 +542,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1695,7 +1695,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2619,7 +2619,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
@@ -3495,7 +3495,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4251,7 +4251,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4412,7 +4412,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr ""
@@ -4450,7 +4450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4465,7 +4465,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5396,7 +5396,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5431,7 +5431,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
@@ -5943,7 +5943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5958,7 +5958,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5973,12 +5973,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5999,19 +5999,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6019,22 +6024,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6046,12 +6051,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6059,174 +6064,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6234,24 +6239,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6259,19 +6264,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6279,37 +6284,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6317,17 +6322,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6335,12 +6340,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6349,209 +6354,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6561,19 +6566,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6581,7 +6586,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6593,7 +6598,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6601,7 +6606,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6841,18 +6846,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
-msgid "ad_enable_gc (boolean)"
+msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:234
msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:248
+msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
@@ -6860,7 +6877,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6869,12 +6886,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6884,14 +6901,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6904,23 +6921,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6928,17 +6945,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -6946,12 +6963,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -6959,7 +6976,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -6967,7 +6984,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -6975,7 +6992,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -6987,53 +7004,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7041,7 +7058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7049,7 +7066,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7057,7 +7074,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7069,17 +7086,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7087,7 +7104,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7095,7 +7112,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7107,22 +7124,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7130,7 +7147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7138,7 +7155,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7150,17 +7167,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7168,7 +7185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7176,7 +7193,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7187,19 +7204,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7207,7 +7224,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7219,29 +7236,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7249,12 +7271,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7267,52 +7289,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7323,34 +7345,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7358,7 +7380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7373,7 +7395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7382,7 +7404,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7390,7 +7412,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7857,7 +7879,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9470,7 +9492,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9478,19 +9502,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9501,18 +9526,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/de.po b/src/man/po/de.po
index fe11ddb3b..3a9425f8b 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-09 02:21-0400\n"
"Last-Translator: Mario Blättermann <mario.blaettermann@gmail.com>\n"
"Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
@@ -90,7 +90,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIONEN"
@@ -263,8 +263,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "Voreinstellung: »true«"
@@ -284,7 +284,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "Voreinstellung: »false«"
@@ -401,12 +401,19 @@ msgstr "Domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:181
+#, fuzzy
+#| msgid ""
+#| "A domain is a database containing user information. SSSD can use more "
+#| "domains at the same time, but at least one must be configured or SSSD "
+#| "won't start. This parameter described the list of domains in the order "
+#| "you want them to be queried. A domain name should only consist of "
+#| "alphanumeric ASCII characters, dashes and underscores."
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
"Eine Domain ist eine Datenbank, die Benutzerinformationen enthält. SSSD kann "
"mehrere Domains gleichzeitig verwenden, eine muss aber mindestens "
@@ -647,8 +654,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "Voreinstellung: nicht gesetzt"
@@ -2039,7 +2046,7 @@ msgstr ""
"setzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr "Voreinstellung: 0 (deaktiviert)"
@@ -3166,7 +3173,7 @@ msgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "BEISPIEL"
@@ -4225,7 +4232,7 @@ msgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr "Voreinstellung: cn"
@@ -5143,13 +5150,8 @@ msgstr "ldap_tls_cipher_suite (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
-#, fuzzy
-#| msgid ""
-#| "Specifies acceptable cipher suites. Typically this is a colon sperated "
-#| "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum></citerefentry> for format."
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -5350,7 +5352,7 @@ msgstr ""
"gibt die Lebensdauer eines TGT in Sekunden an, falls GSSAPI benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr "Voreinstellung: 86400 (24 Stunden)"
@@ -5402,7 +5404,7 @@ msgstr ""
"migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (Zeichenkette)"
@@ -5419,7 +5421,7 @@ msgstr ""
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (Boolesch)"
@@ -6539,7 +6541,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -6597,7 +6599,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ANMERKUNGEN"
@@ -7267,7 +7269,7 @@ msgstr ""
"zu identifizieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (Boolesch)"
@@ -7287,7 +7289,7 @@ msgstr ""
"»dyndns_iface« keine andere angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7309,12 +7311,12 @@ msgstr ""
"Konfigurationsdatei migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7343,12 +7345,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Voreinstellung: 1200 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -7358,7 +7360,12 @@ msgstr ""
"benutzt werden soll."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7370,22 +7377,22 @@ msgstr ""
"Konfigurationsdatei migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr "Voreinstellung: verwendet die IP-Adresse der IPA-LDAP-Verbindung"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -7405,12 +7412,12 @@ msgstr ""
"gefundenen als Sicherungsserver."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7421,12 +7428,12 @@ msgstr ""
"Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7436,7 +7443,7 @@ msgstr ""
"»dyndns_update« »true« ist"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
@@ -7446,17 +7453,17 @@ msgstr ""
"Weiterleitungsdatensätze ändern."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr "Voreinstellung: False (deaktiviert)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7465,42 +7472,42 @@ msgstr ""
"DNS-Server verwenden soll"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-"
"bezogene Objekte"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr "Voreinstellung: verwendet Basis-DN"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr "ipa_host_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
"Rechnerobjekte"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -7509,78 +7516,78 @@ msgstr ""
"unter »ldap_search_base«."
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
"SELinux-Benutzerabbildungen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
"vertrauenswürdige Domains"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für das "
"Master-Domain-Objekt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "Voreinstellung: der Wert von <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -7588,7 +7595,7 @@ msgstr ""
"prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7597,7 +7604,7 @@ msgstr ""
"Kerberos-Anbieters unterscheidet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -7606,7 +7613,7 @@ msgstr ""
"Wert von »ipa_domain«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -7616,7 +7623,7 @@ msgstr ""
"zu verwenden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -7627,12 +7634,12 @@ msgstr ""
"Funktionalität ist mit Kerberos >= 1.7 verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr "krb5_use_fast (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
@@ -7642,12 +7649,12 @@ msgstr ""
"unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr "FAST wird <emphasis>nie</emphasis> verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -7659,7 +7666,7 @@ msgstr ""
"wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
@@ -7668,12 +7675,12 @@ msgstr ""
"Authentifizierung schlägt fehl, falls der Server kein FAST erfordert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr "Voreinstellung: try"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -7684,28 +7691,28 @@ msgstr ""
"Verwendung dieser Option ein Konfigurationsfehler."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
#, fuzzy
#| msgid "krb5_ccname_template (string)"
msgid "krb5_confd_path (string)"
msgstr "krb5_ccname_template (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
#, fuzzy
#| msgid "Default: not set (no substitution for unset home directories)"
msgid ""
@@ -7715,12 +7722,12 @@ msgstr ""
"Verzeichnisse)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -7731,17 +7738,17 @@ msgstr ""
"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr "Voreinstellung: 5 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -7752,12 +7759,12 @@ msgstr ""
"viele Benutzeranmeldeanfragen in einer kurzen Zeitspanne ankommen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -7771,7 +7778,7 @@ msgstr ""
"Übergangszeit zwei Modi unterstützen:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -7780,7 +7787,7 @@ msgstr ""
"werden, wird allen Benutzern der Zugriff verwehrt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -7790,22 +7797,22 @@ msgstr ""
"Tor öffnen kann."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr "Voreinstellung: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr "ipa_server_mode (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr "Diese Option sollte nur vom IPA-Installer gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
@@ -7815,175 +7822,175 @@ msgstr ""
"durchgeführt werden sollte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr "der Ort des Automounters, den dieser IPA-Client benutzen wird"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr "Voreinstellung: der Ort namens »default«"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
#, fuzzy
#| msgid "ldap_user_ssh_public_key (string)"
msgid "ldap_user_ssh_public_key"
msgstr "ldap_user_ssh_public_key (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -7993,12 +8000,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr "ANBIETER VON UNTER-DOMAINS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
@@ -8007,7 +8014,7 @@ msgstr ""
"ob er explizit oder implizit konfiguriert wurde."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8018,7 +8025,7 @@ msgstr ""
"und alle Subdomain-Anfragen werden, falls nötig, an den IPA-Server gesandt."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8037,7 +8044,7 @@ msgstr ""
"online gegangen ist, wird der Subdomain-Anbieter erneut aktiviert."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8049,7 +8056,7 @@ msgstr ""
"Optionen von IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -8384,17 +8391,31 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr "Voreinstellung: Nicht gesetzt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ad_hostname (string)"
+msgid "ad_site (string)"
+msgstr "ad_hostname (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8408,7 +8429,7 @@ msgstr ""
"dem LDAP-Port des aktuellen Servers."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8423,12 +8444,12 @@ msgstr ""
"können."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8442,7 +8463,7 @@ msgstr ""
"auf <quote>ad</quote> gesetzt werden muss, damit sie wirksam ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
@@ -8452,7 +8473,7 @@ msgstr ""
"anmelden darf."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8475,12 +8496,12 @@ msgstr ""
"»enforcing« gesetzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr "Für diese Option werden drei Werte unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
@@ -8488,14 +8509,14 @@ msgstr ""
"deren Anwendung erzwungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
"enforcing: GPO-basierte Zugriffskontrollregeln werden sowohl ausgewertet als "
"auch deren Anwendung erzwungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8507,17 +8528,17 @@ msgstr ""
"verweigert werden würde, wenn die Option auf »enforcing« gesetzt wäre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr "Voreinstellung: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8525,12 +8546,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8538,7 +8559,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -8546,7 +8567,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8554,7 +8575,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8566,53 +8587,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8620,7 +8641,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8628,7 +8649,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8636,7 +8657,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8648,17 +8669,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8666,7 +8687,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8674,7 +8695,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8686,22 +8707,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8709,7 +8730,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8717,7 +8738,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8729,17 +8750,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8747,7 +8768,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -8755,7 +8776,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8766,19 +8787,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8786,7 +8807,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8798,29 +8819,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -8828,12 +8854,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8846,52 +8872,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8909,27 +8935,27 @@ msgstr ""
"»dyndns_iface« angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr "Voreinstellung: 3600 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr "Voreinstellung: verwendet die IP-Adresse der AD-LDAP-Verbindung"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Voreinstellung: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -8939,7 +8965,7 @@ msgstr ""
"Abschnitt 5 von RFC 6806."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8951,7 +8977,7 @@ msgstr ""
"Optionen von AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8975,7 +9001,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8987,7 +9013,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8998,7 +9024,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9601,7 +9627,7 @@ msgstr ""
"gelesen."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -11564,18 +11590,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
-#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+#, fuzzy, no-wrap
+#| msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:51
+#, fuzzy
+#| msgid ""
+#| "If <quote>AuthorizedKeysCommand</quote> is supported, "
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use it by putting the "
+#| "following directive in <citerefentry> <refentrytitle>sshd_config</"
+#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry>: <placeholder type="
+#| "\"programlisting\" id=\"0\"/>"
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
"Falls »AuthorizedKeysCommand« unterstützt wird, kann "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11585,13 +11623,13 @@ msgstr ""
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11608,7 +11646,7 @@ msgstr ""
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11616,12 +11654,12 @@ msgstr ""
"<replaceable>DOMAIN</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "EXIT-STATUS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/es.po b/src/man/po/es.po
index ec6e5d3ab..e684149fa 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
@@ -95,7 +95,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPCIONES"
@@ -268,8 +268,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "Predeterminado: true"
@@ -289,7 +289,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "Predeterminado: false"
@@ -405,7 +405,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -629,8 +629,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "Predeterminado: no definido"
@@ -1956,7 +1956,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -3058,7 +3058,7 @@ msgstr "Predeterminado: None, no se ejecuta comando"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EJEMPLO"
@@ -4093,7 +4093,7 @@ msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr "Predeterminado: cn"
@@ -4965,13 +4965,8 @@ msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
-#, fuzzy
-#| msgid ""
-#| "Specifies acceptable cipher suites. Typically this is a colon sperated "
-#| "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum></citerefentry> for format."
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -5157,7 +5152,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr "Predeterminado: 86400 (24 horas)"
@@ -5209,7 +5204,7 @@ msgstr ""
"configuración para usar <quote>krb5_server</quote> en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
@@ -5226,7 +5221,7 @@ msgstr ""
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
@@ -6308,7 +6303,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -6366,7 +6361,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTAS"
@@ -7003,7 +6998,7 @@ msgstr ""
"host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -7018,7 +7013,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7036,12 +7031,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7062,19 +7057,24 @@ msgid "Default: 1200 (seconds)"
msgstr "Por defecto: 1200 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7082,22 +7082,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -7109,12 +7109,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7122,76 +7122,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
"Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC "
"relacionados."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr "Predeterminado: Utilizar DN base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr "ipa_host_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -7200,77 +7200,77 @@ msgstr ""
"de múltiples bases de búsqueda."
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (cadena)Opcional. "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario "
"SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
"Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de "
"dominio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -7278,7 +7278,7 @@ msgstr ""
"Verifica con la ayuda de krb5_keytab que el TGT obtenido no ha sido burlado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7287,7 +7287,7 @@ msgstr ""
"tradicional de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -7296,7 +7296,7 @@ msgstr ""
"de <quote>ipa_domain</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -7305,7 +7305,7 @@ msgstr ""
"convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -7316,12 +7316,12 @@ msgstr ""
"está disponible con MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr "krb5_use_fast (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
@@ -7330,12 +7330,12 @@ msgstr ""
"autenticación Kerberos. Se soportan las siguientes opciones:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -7343,19 +7343,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -7363,28 +7363,28 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
#, fuzzy
#| msgid "krb5_ccname_template (string)"
msgid "krb5_confd_path (string)"
msgstr "krb5_ccname_template (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
#, fuzzy
#| msgid "Default: not set (no substitution for unset home directories)"
msgid ""
@@ -7393,12 +7393,12 @@ msgstr ""
"Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -7409,17 +7409,17 @@ msgstr ""
"muchas peticiones de control de acceso hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr "Predeterminado: 5 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -7430,12 +7430,12 @@ msgstr ""
"hay muchas peticiones de acceso de usuario hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -7449,7 +7449,7 @@ msgstr ""
"período de transición:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -7458,7 +7458,7 @@ msgstr ""
"les denegará el acceso a todos los usuarios."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -7467,197 +7467,197 @@ msgstr ""
"cuidadoso con este opción, puesto que pueden abrirse accesos no pretendidos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr "Predeterminado: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr "La localización del automontador de este cliente IPA que será usada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr "Por defecto: La localización llamada “default”"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
#, fuzzy
#| msgid "ldap_user_ssh_public_key (string)"
msgid "ldap_user_ssh_public_key"
msgstr "ldap_user_ssh_public_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -7667,12 +7667,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr "PROVEEDOR DE SUBDOMINIOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
@@ -7681,7 +7681,7 @@ msgstr ""
"si está configurado explícitamente o implícitamente."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7693,7 +7693,7 @@ msgstr ""
"de IPA si es necesario."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -7705,7 +7705,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7716,7 +7716,7 @@ msgstr ""
"Este ejemplo muestra sólo las opciones específicas del proveedor ipa."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -7988,17 +7988,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ad_hostname (string)"
+msgid "ad_site (string)"
+msgstr "ad_hostname (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8007,7 +8021,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8016,12 +8030,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8031,14 +8045,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8051,23 +8065,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8075,17 +8089,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8093,12 +8107,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8106,7 +8120,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -8114,7 +8128,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8122,7 +8136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8134,53 +8148,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8188,7 +8202,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8196,7 +8210,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8204,7 +8218,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8216,17 +8230,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8234,7 +8248,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8242,7 +8256,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8254,22 +8268,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8277,7 +8291,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8285,7 +8299,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8297,17 +8311,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8315,7 +8329,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -8323,7 +8337,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8334,19 +8348,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8354,7 +8368,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8366,29 +8380,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -8396,12 +8415,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8414,52 +8433,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8470,34 +8489,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Predeterminado: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8508,7 +8527,7 @@ msgstr ""
"Este ejemplo muestra sólo las opciones específicas del proveedor AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8532,7 +8551,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8544,7 +8563,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8555,7 +8574,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9134,7 +9153,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "La contraseña a oscurecer será leída desde la entrada estándar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -10966,18 +10985,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
-#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+#, fuzzy, no-wrap
+#| msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:51
+#, fuzzy
+#| msgid ""
+#| "If <quote>AuthorizedKeysCommand</quote> is supported, "
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use it by putting the "
+#| "following directive in <citerefentry> <refentrytitle>sshd_config</"
+#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry>: <placeholder type="
+#| "\"programlisting\" id=\"0\"/>"
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
"Si se soporta <quote>AuthorizedKeysCommand</quote>, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10987,13 +11018,13 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11009,7 +11040,7 @@ msgstr ""
"configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11017,12 +11048,12 @@ msgstr ""
"<replaceable>DOMAIN</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/eu.po b/src/man/po/eu.po
index 2be91c102..8b611f094 100644
--- a/src/man/po/eu.po
+++ b/src/man/po/eu.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
@@ -82,7 +82,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr ""
@@ -227,8 +227,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr ""
@@ -248,7 +248,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr ""
@@ -356,7 +356,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -541,8 +541,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1694,7 +1694,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2618,7 +2618,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
@@ -3494,7 +3494,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4250,7 +4250,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4411,7 +4411,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr ""
@@ -4449,7 +4449,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4464,7 +4464,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5395,7 +5395,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5430,7 +5430,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
@@ -5940,7 +5940,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5955,7 +5955,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5970,12 +5970,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5996,19 +5996,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6016,22 +6021,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6043,12 +6048,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6056,174 +6061,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6231,24 +6236,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6256,19 +6261,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6276,37 +6281,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6314,17 +6319,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6332,12 +6337,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6346,209 +6351,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6558,19 +6563,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6578,7 +6583,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6590,7 +6595,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6598,7 +6603,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6838,18 +6843,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
-msgid "ad_enable_gc (boolean)"
+msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:234
msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:248
+msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
@@ -6857,7 +6874,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6866,12 +6883,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6881,14 +6898,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6901,23 +6918,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6925,17 +6942,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -6943,12 +6960,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -6956,7 +6973,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -6964,7 +6981,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -6972,7 +6989,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -6984,53 +7001,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7038,7 +7055,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7046,7 +7063,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7054,7 +7071,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7066,17 +7083,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7084,7 +7101,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7092,7 +7109,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7104,22 +7121,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7127,7 +7144,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7135,7 +7152,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7147,17 +7164,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7165,7 +7182,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7173,7 +7190,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7184,19 +7201,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7204,7 +7221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7216,29 +7233,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7246,12 +7268,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7264,52 +7286,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7320,34 +7342,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7355,7 +7377,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7370,7 +7392,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7379,7 +7401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7387,7 +7409,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7854,7 +7876,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9462,7 +9484,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9470,19 +9494,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9493,18 +9518,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 3316b69a8..600f54c58 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -13,7 +13,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-09-24 07:39-0400\n"
"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
@@ -93,7 +93,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIONS"
@@ -269,8 +269,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "Par défaut : true"
@@ -290,7 +290,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "Par défaut : false"
@@ -406,12 +406,19 @@ msgstr "domaines"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:181
+#, fuzzy
+#| msgid ""
+#| "A domain is a database containing user information. SSSD can use more "
+#| "domains at the same time, but at least one must be configured or SSSD "
+#| "won't start. This parameter described the list of domains in the order "
+#| "you want them to be queried. A domain name should only consist of "
+#| "alphanumeric ASCII characters, dashes and underscores."
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
"Un domaine est une base de données contenant les informations utilisateurs. "
"SSSD peut utiliser plusieurs domaines en même temps, au moins un doit être "
@@ -651,8 +658,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "Par défaut : non défini"
@@ -2039,7 +2046,7 @@ msgstr ""
"Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr "Par défaut : 0 (désactivé)"
@@ -3177,7 +3184,7 @@ msgstr "Par défaut : None, aucune commande lancée"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLE"
@@ -4232,7 +4239,7 @@ msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr "Par défaut : cn"
@@ -5131,13 +5138,8 @@ msgstr "ldap_tls_cipher_suite (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
-#, fuzzy
-#| msgid ""
-#| "Specifies acceptable cipher suites. Typically this is a colon sperated "
-#| "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum></citerefentry> for format."
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -5337,7 +5339,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr "Par défaut : 86400 (24 heures)"
@@ -5390,7 +5392,7 @@ msgstr ""
"l'utilisation de <quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (chaîne)"
@@ -5407,7 +5409,7 @@ msgstr ""
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (booléen)"
@@ -6516,7 +6518,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -6574,7 +6576,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTES"
@@ -7228,7 +7230,7 @@ msgstr ""
"identifier l'hôte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (booléen)"
@@ -7248,7 +7250,7 @@ msgstr ""
"l'utilisation de l'option <quote>dyndns_iface</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7270,12 +7272,12 @@ msgstr ""
"configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7302,12 +7304,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Par défaut : 1200 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -7317,7 +7319,12 @@ msgstr ""
"du DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7329,22 +7336,22 @@ msgstr ""
"configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr "Par défaut : utilise l'adresse IP de la connexion IPA LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr "Active les sites DNS - découverte de service basée sur l'emplacement"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -7364,12 +7371,12 @@ msgstr ""
"seront utilisés comme serveurs de repli"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7381,12 +7388,12 @@ msgstr ""
"configurée à true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7396,7 +7403,7 @@ msgstr ""
"l'option dyndns_update est configurée à true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
@@ -7406,17 +7413,17 @@ msgstr ""
"quand les enregistrements directs sont modifiés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr "Par défaut : False (désactivé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7425,42 +7432,42 @@ msgstr ""
"communication avec le serveur DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
"Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets "
"HBAC associés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr "Par défaut : utilise le DN de base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr "ipa_host_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
"Facultatif. Utiliser la chaîne donnée comme base de recherche pour héberger "
"des objets."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -7469,85 +7476,85 @@ msgstr ""
"configuration des bases de recherche multiples."
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"Facultatif. Utiliser la chaîne donnée comme base de recherche pour les "
"mappages utilisateur SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"Facultatif. Utiliser la chaîne donnée comme base de recherche pour les "
"domaines approuvés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
"Facultatif. Utiliser la chaîne donnée comme base de recherche objet de "
"domaine maître."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "Par défaut : la valeur de <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7556,7 +7563,7 @@ msgstr ""
"original."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -7565,7 +7572,7 @@ msgstr ""
"valeur de <quote>ipa_domain</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -7574,7 +7581,7 @@ msgstr ""
"convertit en DN de base pour effectuer les opérations LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -7585,12 +7592,12 @@ msgstr ""
"Cette fonctionnalité est disponible avec MIT Kerberos > = 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr "krb5_use_fast (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
@@ -7599,12 +7606,12 @@ msgstr ""
"authentification Kerberos. Les options suivantes sont supportées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr "<emphasis>never</emphasis> : ne jamais utiliser FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -7612,7 +7619,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
@@ -7621,12 +7628,12 @@ msgstr ""
"le serveur ne requiert pas FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr "Par défaut : try"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -7637,28 +7644,28 @@ msgstr ""
"MIT Kerberos avec cette option est une erreur de configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
#, fuzzy
#| msgid "krb5_ccname_template (string)"
msgid "krb5_confd_path (string)"
msgstr "krb5_ccname_template (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
#, fuzzy
#| msgid "Default: not set (no substitution for unset home directories)"
msgid ""
@@ -7668,12 +7675,12 @@ msgstr ""
"non définis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -7684,17 +7691,17 @@ msgstr ""
"beaucoup de requêtes de contrôle d'accès sur une courte période."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr "Par défaut : 5 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -7705,12 +7712,12 @@ msgstr ""
"requêtes de connexions utilisateurs sur une courte période."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -7724,7 +7731,7 @@ msgstr ""
"charge les deux modes opératoires pendant cette période de transition :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -7733,7 +7740,7 @@ msgstr ""
"utilisateur ne pourra se connecter."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -7742,22 +7749,22 @@ msgstr ""
"Attention avec cette option, elle peut ouvrir des accès imprévus."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr "Par défaut : DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr "ipa_server_mode (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
@@ -7767,175 +7774,175 @@ msgstr ""
"domaines approuvés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr "L'emplacement à automonter qu'utilisera ce client IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr "Par défaut : Le lieu nommé « default »"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
#, fuzzy
#| msgid "ldap_user_ssh_public_key (string)"
msgid "ldap_user_ssh_public_key"
msgstr "ldap_user_ssh_public_key (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -7945,12 +7952,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr "FOURNISSEURS DE SOUS-DOMAINES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
@@ -7959,7 +7966,7 @@ msgstr ""
"configuré explicitement ou implicitement."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7971,7 +7978,7 @@ msgstr ""
"serveur IPA si nécessaire."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -7991,7 +7998,7 @@ msgstr ""
"fournisseur de sous-domaines est à nouveau activé."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8002,7 +8009,7 @@ msgstr ""
"exemples montrent seulement les options spécifiques au fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -8299,17 +8306,31 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr "Par défaut : non défini"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ad_hostname (string)"
+msgid "ad_site (string)"
+msgstr "ad_hostname (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8318,7 +8339,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8327,12 +8348,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8342,14 +8363,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8362,23 +8383,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr "Il existe trois valeurs prises en charge pour cette option :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8386,17 +8407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr "Par défaut : permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8404,12 +8425,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8417,7 +8438,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -8425,7 +8446,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8433,7 +8454,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8445,53 +8466,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8499,7 +8520,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8507,7 +8528,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8515,7 +8536,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8527,17 +8548,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8545,7 +8566,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8553,7 +8574,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8565,22 +8586,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8588,7 +8609,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8596,7 +8617,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8608,17 +8629,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8626,7 +8647,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -8634,7 +8655,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8645,19 +8666,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8665,7 +8686,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8677,29 +8698,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -8707,12 +8733,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8725,52 +8751,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8788,27 +8814,27 @@ msgstr ""
"<quote>dyndns_iface</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr "Par défaut : 3600 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr "Par défaut : utilise l'adresse IP de la connexion LDAP AD"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Par défaut : True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -8818,7 +8844,7 @@ msgstr ""
"principals d'entreprise."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8829,7 +8855,7 @@ msgstr ""
"exemples montrent seulement les options spécifiques au fournisseur AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8853,7 +8879,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8865,7 +8891,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8876,7 +8902,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9461,7 +9487,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "Le mot de passe chiffré sera lu sur l'entrée standard."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -11358,18 +11384,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
-#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+#, fuzzy, no-wrap
+#| msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:51
+#, fuzzy
+#| msgid ""
+#| "If <quote>AuthorizedKeysCommand</quote> is supported, "
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use it by putting the "
+#| "following directive in <citerefentry> <refentrytitle>sshd_config</"
+#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry>: <placeholder type="
+#| "\"programlisting\" id=\"0\"/>"
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
"Si <quote>AuthorizedKeysCommand</quote> est pris en charge, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11379,13 +11417,13 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11402,7 +11440,7 @@ msgstr ""
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11410,12 +11448,12 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "CODE RETOUR"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index 826641bca..decb0058f 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
@@ -90,7 +90,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "オプション"
@@ -258,8 +258,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "初期値: true"
@@ -279,7 +279,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "初期値: false"
@@ -386,12 +386,19 @@ msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:181
+#, fuzzy
+#| msgid ""
+#| "A domain is a database containing user information. SSSD can use more "
+#| "domains at the same time, but at least one must be configured or SSSD "
+#| "won't start. This parameter described the list of domains in the order "
+#| "you want them to be queried. A domain name should only consist of "
+#| "alphanumeric ASCII characters, dashes and underscores."
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
"ドメインはユーザー情報を含むデータベースです。SSSD は同時に複数のドメインを使"
"用できますが、少なくとも一つを設定する必要があります。さもなければ SSSD は開"
@@ -606,8 +613,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "初期値: 設定されません"
@@ -1863,7 +1870,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr "初期値: 0 (無効)"
@@ -2911,7 +2918,7 @@ msgstr "初期値: なし、コマンドを実行しません"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "例"
@@ -3893,7 +3900,7 @@ msgstr "ユーザーの完全名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr "初期値: cn"
@@ -4713,13 +4720,8 @@ msgstr "ldap_tls_cipher_suite (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
-#, fuzzy
-#| msgid ""
-#| "Specifies acceptable cipher suites. Typically this is a colon sperated "
-#| "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum></citerefentry> for format."
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4894,7 +4896,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr "初期値: 86400 (24 時間)"
@@ -4938,7 +4940,7 @@ msgstr ""
"quote> を使用するよう設定ファイルを移行することが推奨されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (文字列)"
@@ -4953,7 +4955,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (論理値)"
@@ -5980,7 +5982,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -6038,7 +6040,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "注記"
@@ -6644,7 +6646,7 @@ msgstr ""
"使用される完全修飾名を反映しないマシンにおいて設定されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (論理値)"
@@ -6659,7 +6661,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6677,12 +6679,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6703,19 +6705,24 @@ msgid "Default: 1200 (seconds)"
msgstr "初期値: 1200 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6723,22 +6730,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr "初期値: IPA LDAP 接続の IP アドレスを使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6750,12 +6757,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6763,36 +6770,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr "初期値: False (無効)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -6801,42 +6808,42 @@ msgstr ""
"どうか。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと"
"して使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr "初期値: ベース DN を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr "ipa_host_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
"オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し"
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -6845,76 +6852,76 @@ msgstr ""
"してください。"
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと"
"して使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列"
"を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -6922,7 +6929,7 @@ msgstr ""
"取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6931,7 +6938,7 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -6940,7 +6947,7 @@ msgstr ""
"quote> の値です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -6949,7 +6956,7 @@ msgstr ""
"めに使用するベース DN に変換されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6959,12 +6966,12 @@ msgstr ""
"するかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr "krb5_use_fast (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
@@ -6973,12 +6980,12 @@ msgstr ""
"を有効化します。以下のオプションがサポートされます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6986,7 +6993,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
@@ -6995,12 +7002,12 @@ msgstr ""
"ければ、認証が失敗します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -7011,28 +7018,28 @@ msgstr ""
"ンを使用すると設定エラーになります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
#, fuzzy
#| msgid "krb5_ccname_template (string)"
msgid "krb5_confd_path (string)"
msgstr "krb5_ccname_template (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
#, fuzzy
#| msgid "Default: not set (no substitution for unset home directories)"
msgid ""
@@ -7040,12 +7047,12 @@ msgid ""
msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -7053,17 +7060,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr "初期値: 5 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -7071,12 +7078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -7090,7 +7097,7 @@ msgstr ""
"操作をサポートします:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -7099,7 +7106,7 @@ msgstr ""
"てのユーザーがアクセスを拒否されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -7109,197 +7116,197 @@ msgstr ""
"注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr "初期値: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr "ipa_server_mode (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr "この IPA クライアントが使用する automounter の場所です"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr "初期値: \"default\" という名前の場所"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
#, fuzzy
#| msgid "ldap_user_ssh_public_key (string)"
msgid "ldap_user_ssh_public_key"
msgstr "ldap_user_ssh_public_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -7309,19 +7316,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7332,7 +7339,7 @@ msgstr ""
"メインのリクエストが必要に応じて IPA サーバーに送られます。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -7344,7 +7351,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7355,7 +7362,7 @@ msgstr ""
"例は IPA プロバイダー固有のオプションのみを示しています。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -7614,17 +7621,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ad_hostname (string)"
+msgid "ad_site (string)"
+msgstr "ad_hostname (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7633,7 +7654,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7642,12 +7663,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7657,14 +7678,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7677,23 +7698,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7701,17 +7722,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7719,12 +7740,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7732,7 +7753,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -7740,7 +7761,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7748,7 +7769,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7760,53 +7781,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7814,7 +7835,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7822,7 +7843,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7830,7 +7851,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7842,17 +7863,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7860,7 +7881,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7868,7 +7889,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7880,22 +7901,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7903,7 +7924,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7911,7 +7932,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7923,17 +7944,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7941,7 +7962,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7949,7 +7970,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7960,19 +7981,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7980,7 +8001,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7992,29 +8013,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -8022,12 +8048,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8040,52 +8066,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8096,27 +8122,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr "初期値: 3600 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr "初期値: AD の LDAP 接続の IP アドレスを使用します"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "初期値: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -8126,7 +8152,7 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8137,7 +8163,7 @@ msgstr ""
"AD プロバイダー固有のオプションのみ示してします。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8161,7 +8187,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8173,7 +8199,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8181,7 +8207,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -8699,7 +8725,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "解読しにくくするパスワードが標準入力から読み込まれます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -10519,18 +10545,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
-#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+#, fuzzy, no-wrap
+#| msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:51
+#, fuzzy
+#| msgid ""
+#| "If <quote>AuthorizedKeysCommand</quote> is supported, "
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use it by putting the "
+#| "following directive in <citerefentry> <refentrytitle>sshd_config</"
+#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry>: <placeholder type="
+#| "\"programlisting\" id=\"0\"/>"
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
"<quote>AuthorizedKeysCommand</quote> がサポートされていると、 "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10540,13 +10578,13 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10563,7 +10601,7 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -10571,12 +10609,12 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "終了コード"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/lv.po b/src/man/po/lv.po
index 0b6dc2489..5ab6c13ee 100644
--- a/src/man/po/lv.po
+++ b/src/man/po/lv.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/"
@@ -85,7 +85,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "IESPĒJAS"
@@ -230,8 +230,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr ""
@@ -251,7 +251,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr ""
@@ -359,7 +359,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -544,8 +544,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1697,7 +1697,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2621,7 +2621,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "PIEMĒRS"
@@ -3497,7 +3497,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4253,7 +4253,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4414,7 +4414,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr "Noklusējuma: 86400 (24 stundas)"
@@ -4452,7 +4452,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4467,7 +4467,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5398,7 +5398,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5433,7 +5433,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "PIEZĪMES"
@@ -5943,7 +5943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5958,7 +5958,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5973,12 +5973,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5999,19 +5999,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6019,22 +6024,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6046,12 +6051,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6059,174 +6064,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6234,24 +6239,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6259,19 +6264,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6279,37 +6284,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6317,17 +6322,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6335,12 +6340,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6349,209 +6354,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6561,19 +6566,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6581,7 +6586,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6593,7 +6598,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6601,7 +6606,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6841,18 +6846,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
-msgid "ad_enable_gc (boolean)"
+msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:234
msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:248
+msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
@@ -6860,7 +6877,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6869,12 +6886,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6884,14 +6901,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6904,23 +6921,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6928,17 +6945,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -6946,12 +6963,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -6959,7 +6976,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -6967,7 +6984,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -6975,7 +6992,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -6987,53 +7004,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7041,7 +7058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7049,7 +7066,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7057,7 +7074,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7069,17 +7086,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7087,7 +7104,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7095,7 +7112,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7107,22 +7124,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7130,7 +7147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7138,7 +7155,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7150,17 +7167,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7168,7 +7185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7176,7 +7193,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7187,19 +7204,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7207,7 +7224,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7219,29 +7236,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7249,12 +7271,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7267,52 +7289,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7323,34 +7345,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7358,7 +7380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7373,7 +7395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7382,7 +7404,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7390,7 +7412,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7857,7 +7879,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9465,7 +9487,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9473,19 +9497,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9496,18 +9521,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index 70835b18f..4dbc9cac6 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
@@ -88,7 +88,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIES"
@@ -257,8 +257,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "Standaard: true"
@@ -278,7 +278,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr ""
@@ -391,7 +391,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -592,8 +592,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1751,7 +1751,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2680,7 +2680,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
@@ -3556,7 +3556,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4312,7 +4312,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4473,7 +4473,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr ""
@@ -4511,7 +4511,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4526,7 +4526,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5457,7 +5457,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5492,7 +5492,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
@@ -6002,7 +6002,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6017,7 +6017,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6032,12 +6032,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6058,19 +6058,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6078,22 +6083,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6105,12 +6110,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6118,174 +6123,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6293,24 +6298,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6318,19 +6323,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6338,37 +6343,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6376,17 +6381,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6394,12 +6399,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6408,209 +6413,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6620,19 +6625,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6640,7 +6645,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6652,7 +6657,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6660,7 +6665,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6900,17 +6905,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "ad_site (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -6919,7 +6938,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6928,12 +6947,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6943,14 +6962,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6963,23 +6982,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6987,17 +7006,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7005,12 +7024,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7018,7 +7037,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -7026,7 +7045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7034,7 +7053,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7046,53 +7065,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7100,7 +7119,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7108,7 +7127,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7116,7 +7135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7128,17 +7147,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7146,7 +7165,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7154,7 +7173,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7166,22 +7185,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7189,7 +7208,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7197,7 +7216,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7209,17 +7228,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7227,7 +7246,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7235,7 +7254,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7246,19 +7265,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7266,7 +7285,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7278,29 +7297,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7308,12 +7332,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7326,52 +7350,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7382,34 +7406,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7417,7 +7441,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7432,7 +7456,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7441,7 +7465,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7449,7 +7473,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7916,7 +7940,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9524,7 +9548,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9532,19 +9558,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9555,18 +9582,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index fcdde1eb3..15534e18d 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
@@ -88,7 +88,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "Opções"
@@ -252,8 +252,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr ""
@@ -273,7 +273,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "Padrão: false"
@@ -387,7 +387,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -574,8 +574,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1727,7 +1727,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2651,7 +2651,7 @@ msgstr "Padrão: None, nenhum comando é executado"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLO"
@@ -3557,7 +3557,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr "Padrão: NC"
@@ -4317,7 +4317,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4479,7 +4479,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr "Padrão: 86400 (24 horas)"
@@ -4517,7 +4517,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (string)"
@@ -4532,7 +4532,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
@@ -5463,7 +5463,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -5498,7 +5498,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTAS"
@@ -6008,7 +6008,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6023,7 +6023,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6038,12 +6038,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6064,19 +6064,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6084,22 +6089,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6111,12 +6116,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6124,174 +6129,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr "Default: Use base DN"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6299,24 +6304,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6324,19 +6329,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6344,39 +6349,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
#, fuzzy
#| msgid "krb5_ccname_template (string)"
msgid "krb5_confd_path (string)"
msgstr "krb5_ccname_template (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6384,17 +6389,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6402,12 +6407,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6416,209 +6421,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr "Padrão: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6628,19 +6633,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6648,7 +6653,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6660,7 +6665,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6668,7 +6673,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6912,17 +6917,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ipa_hostname (string)"
+msgid "ad_site (string)"
+msgstr "ipa_hostname (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -6931,7 +6950,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6940,12 +6959,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6955,14 +6974,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6975,23 +6994,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6999,17 +7018,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7017,12 +7036,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7030,7 +7049,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -7038,7 +7057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7046,7 +7065,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7058,53 +7077,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7112,7 +7131,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7120,7 +7139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7128,7 +7147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7140,17 +7159,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7158,7 +7177,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7166,7 +7185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7178,22 +7197,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7201,7 +7220,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7209,7 +7228,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7221,17 +7240,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7239,7 +7258,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7247,7 +7266,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7258,19 +7277,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7278,7 +7297,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7290,29 +7309,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7320,12 +7344,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7338,52 +7362,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7394,34 +7418,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7429,7 +7453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7444,7 +7468,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7453,7 +7477,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7461,7 +7485,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7935,7 +7959,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9556,7 +9580,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9564,19 +9590,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9587,18 +9614,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index 5f4dd322c..ea5bc2357 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
@@ -84,7 +84,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ОПЦИИ"
@@ -229,8 +229,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr ""
@@ -250,7 +250,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "По умолчанию: false"
@@ -358,7 +358,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -543,8 +543,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1696,7 +1696,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2620,7 +2620,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "ПРИМЕР"
@@ -3496,7 +3496,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4252,7 +4252,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4413,7 +4413,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr ""
@@ -4451,7 +4451,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4466,7 +4466,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5397,7 +5397,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5432,7 +5432,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
@@ -5942,7 +5942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5957,7 +5957,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5972,12 +5972,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5998,19 +5998,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6018,22 +6023,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6045,12 +6050,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6058,174 +6063,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6233,24 +6238,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6258,19 +6263,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6278,37 +6283,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6316,17 +6321,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6334,12 +6339,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6348,209 +6353,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6560,19 +6565,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6580,7 +6585,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6592,7 +6597,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6600,7 +6605,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6840,18 +6845,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
-msgid "ad_enable_gc (boolean)"
+msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:234
msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:248
+msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
@@ -6859,7 +6876,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6868,12 +6885,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6883,14 +6900,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6903,23 +6920,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6927,17 +6944,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -6945,12 +6962,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -6958,7 +6975,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -6966,7 +6983,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -6974,7 +6991,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -6986,53 +7003,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7040,7 +7057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7048,7 +7065,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7056,7 +7073,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7068,17 +7085,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7086,7 +7103,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7094,7 +7111,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7106,22 +7123,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7129,7 +7146,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7137,7 +7154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7149,17 +7166,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7167,7 +7184,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7175,7 +7192,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7186,19 +7203,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7206,7 +7223,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7218,29 +7235,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7248,12 +7270,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7266,52 +7288,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7322,34 +7344,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7357,7 +7379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7372,7 +7394,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7381,7 +7403,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7389,7 +7411,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7856,7 +7878,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9464,7 +9486,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9472,19 +9496,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9495,18 +9520,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index 87768f2cb..a9da36d43 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: sssd-docs 1.12.3\n"
+"Project-Id-Version: sssd-docs 1.12.4\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -58,7 +58,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr ""
@@ -199,7 +199,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784 sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356 sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250 sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784 sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356 sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264 sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr ""
@@ -216,7 +216,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043 sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518 sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139 sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043 sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518 sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139 sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr ""
@@ -323,7 +323,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -508,7 +508,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458 sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543 sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458 sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557 sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1657,7 +1657,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2576,7 +2576,7 @@ msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131 sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519 sss_rpcidmapd.5.xml:98
+#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131 sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519 sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
@@ -3451,7 +3451,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058 sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441 sssd-ipa.5.xml:588
+#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058 sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441 sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4204,7 +4204,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4366,7 +4366,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr ""
@@ -4405,7 +4405,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4420,7 +4420,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5353,7 +5353,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139 sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139 sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5386,7 +5386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
@@ -5903,7 +5903,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5918,7 +5918,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5933,12 +5933,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5959,19 +5959,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old "
"<emphasis>ipa_dyndns_iface</emphasis> option, users should migrate to using "
@@ -5979,22 +5984,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6007,12 +6012,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6020,173 +6025,173 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337 sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340 sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6194,24 +6199,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos "
"pre-authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6219,19 +6224,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6239,36 +6244,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6276,17 +6281,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6294,12 +6299,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6308,209 +6313,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6520,19 +6525,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6540,7 +6545,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of "
"sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6552,7 +6557,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -6560,7 +6565,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6802,18 +6807,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
-msgid "ad_enable_gc (boolean)"
+msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:234
msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:248
+msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
@@ -6821,7 +6838,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6830,12 +6847,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6845,14 +6862,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6865,22 +6882,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid "disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6888,17 +6905,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -6906,12 +6923,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -6919,7 +6936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -6927,7 +6944,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, "
@@ -6936,7 +6953,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -6948,52 +6965,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509 sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523 sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7001,7 +7018,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7009,7 +7026,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = "
@@ -7018,7 +7035,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7030,17 +7047,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7048,7 +7065,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7056,7 +7073,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7068,22 +7085,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7091,7 +7108,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7099,7 +7116,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7111,17 +7128,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7129,7 +7146,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7137,7 +7154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using "
"<quote>+service_name</quote>. Since the default set is empty, it is not "
@@ -7148,19 +7165,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7168,7 +7185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7180,29 +7197,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7210,12 +7232,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7228,52 +7250,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7284,27 +7306,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise "
"principal. See section 5 of RFC 6806 for more details about enterprise "
@@ -7312,7 +7334,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -7320,7 +7342,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7335,7 +7357,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7344,7 +7366,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7352,7 +7374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7821,7 +7843,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 sss_ssh_knownhostsproxy.1.xml:78
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>DOMAIN</replaceable>"
@@ -9429,7 +9451,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9438,20 +9462,20 @@ msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> "
"<manvolnum>8</manvolnum></citerefentry> can be configured to use it by "
-"putting the following directive in <citerefentry> "
+"putting the following directives in <citerefentry> "
"<refentrytitle>sshd_config</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry>: <placeholder "
"type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> "
@@ -9462,19 +9486,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain "
"<replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is "
"returned."
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index 0f8440dbc..67334d724 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
@@ -82,7 +82,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ИМКОНОТҲО"
@@ -227,8 +227,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "Пешфарз: true"
@@ -248,7 +248,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "Пешфарз: false"
@@ -356,7 +356,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -541,8 +541,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1694,7 +1694,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2618,7 +2618,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "НАМУНА"
@@ -3494,7 +3494,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4250,7 +4250,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4411,7 +4411,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr ""
@@ -4449,7 +4449,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4464,7 +4464,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5395,7 +5395,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5430,7 +5430,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ЭЗОҲҲО"
@@ -5940,7 +5940,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5955,7 +5955,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5970,12 +5970,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5996,19 +5996,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6016,22 +6021,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6043,12 +6048,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6056,174 +6061,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6231,24 +6236,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6256,19 +6261,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6276,37 +6281,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6314,17 +6319,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6332,12 +6337,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6346,209 +6351,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6558,19 +6563,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6578,7 +6583,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6590,7 +6595,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6598,7 +6603,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6838,18 +6843,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
-msgid "ad_enable_gc (boolean)"
+msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:234
msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:248
+msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
@@ -6857,7 +6874,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6866,12 +6883,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6881,14 +6898,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6901,23 +6918,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6925,17 +6942,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -6943,12 +6960,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -6956,7 +6973,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -6964,7 +6981,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -6972,7 +6989,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -6984,53 +7001,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7038,7 +7055,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7046,7 +7063,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7054,7 +7071,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7066,17 +7083,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7084,7 +7101,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7092,7 +7109,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7104,22 +7121,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7127,7 +7144,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7135,7 +7152,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7147,17 +7164,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7165,7 +7182,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7173,7 +7190,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7184,19 +7201,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7204,7 +7221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7216,29 +7233,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7246,12 +7268,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7264,52 +7286,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7320,34 +7342,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7355,7 +7377,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7370,7 +7392,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7379,7 +7401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7387,7 +7409,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7854,7 +7876,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9462,7 +9484,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9470,19 +9494,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9493,18 +9518,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index bf610a241..57cc251a8 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
"PO-Revision-Date: 2014-06-23 12:22-0400\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
@@ -91,7 +91,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ПАРАМЕТРИ"
@@ -265,8 +265,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr "Типове значення: true"
@@ -286,7 +286,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr "Типове значення: false"
@@ -402,12 +402,19 @@ msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:181
+#, fuzzy
+#| msgid ""
+#| "A domain is a database containing user information. SSSD can use more "
+#| "domains at the same time, but at least one must be configured or SSSD "
+#| "won't start. This parameter described the list of domains in the order "
+#| "you want them to be queried. A domain name should only consist of "
+#| "alphanumeric ASCII characters, dashes and underscores."
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
"Домен — це база даних, у якій містяться дані щодо користувачів. SSSD може "
"одночасно використовувати декілька доменів. Вам слід вказати принаймні один "
@@ -645,8 +652,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "Типове значення: not set"
@@ -2029,7 +2036,7 @@ msgstr ""
"Варто визначити для цього параметра значення 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr "Типове значення: 0 (вимкнено)"
@@ -3161,7 +3168,7 @@ msgstr "Типове значення: None, не виконувати жодн
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "ПРИКЛАД"
@@ -4205,7 +4212,7 @@ msgstr "Атрибут LDAP, що відповідає повному імені
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr "Типове значення: cn"
@@ -5115,13 +5122,8 @@ msgstr "ldap_tls_cipher_suite (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
-#, fuzzy
-#| msgid ""
-#| "Specifies acceptable cipher suites. Typically this is a colon sperated "
-#| "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-#| "<manvolnum>5</manvolnum></citerefentry> for format."
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -5324,7 +5326,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr "Типове значення: 86400 (24 години)"
@@ -5376,7 +5378,7 @@ msgstr ""
"варто перейти на використання «krb5_server» у файлах налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (рядок)"
@@ -5393,7 +5395,7 @@ msgstr ""
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (булеве значення)"
@@ -6513,7 +6515,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
@@ -6571,7 +6573,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ЗАУВАЖЕННЯ"
@@ -7236,7 +7238,7 @@ msgstr ""
"цього вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (булеве значення)"
@@ -7256,7 +7258,7 @@ msgstr ""
"допомогою параметра «dyndns_iface»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7277,12 +7279,12 @@ msgstr ""
"назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7309,12 +7311,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Типове значення: 1200 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -7324,7 +7326,12 @@ msgstr ""
"оновлень DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7335,22 +7342,22 @@ msgstr ""
"назву, <emphasis>dyndns_iface</emphasis>, у файлі налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr "Вмикає сайти DNS — визначення служб на основі адрес."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -7370,12 +7377,12 @@ msgstr ""
"вважатимуться резервними серверами."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7387,12 +7394,12 @@ msgstr ""
"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7401,7 +7408,7 @@ msgstr ""
"DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
@@ -7411,17 +7418,17 @@ msgstr ""
"переспрямовування."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr "Типове значення: False (вимкнено)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7430,41 +7437,41 @@ msgstr ""
"даними з сервером DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з "
"HBAC об’єктів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr "Типове значення: використання базової назви домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr "ipa_host_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -7473,78 +7480,78 @@ msgstr ""
"налаштування декількох основ пошуку."
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку карт "
"користувачів SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Типове значення: значення <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку основного "
"об’єкта домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
"Типове значення: значення виразу <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -7552,7 +7559,7 @@ msgstr ""
"Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7561,7 +7568,7 @@ msgstr ""
"модуля Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -7570,7 +7577,7 @@ msgstr ""
"«ipa_domain»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -7579,7 +7586,7 @@ msgstr ""
"перетворено у основний DN для виконання дій LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -7590,12 +7597,12 @@ msgstr ""
"запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr "krb5_use_fast (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
@@ -7605,12 +7612,12 @@ msgstr ""
"Kerberos. Передбачено такі варіанти:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr "<emphasis>never</emphasis> — (ніколи) не використовувати FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -7621,7 +7628,7 @@ msgstr ""
"еквівалентно невстановленню значення цього параметра взагалі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
@@ -7630,12 +7637,12 @@ msgstr ""
"передбачено підтримки FAST, спроба розпізнавання зазнає невдачі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr "Типове значення: try"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -7647,28 +7654,28 @@ msgstr ""
"налаштуваннях."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
#, fuzzy
#| msgid "krb5_ccname_template (string)"
msgid "krb5_confd_path (string)"
msgstr "krb5_ccname_template (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
#, fuzzy
#| msgid "Default: not set (no substitution for unset home directories)"
msgid ""
@@ -7678,12 +7685,12 @@ msgstr ""
"каталогів)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -7694,17 +7701,17 @@ msgstr ""
"короткого періоду часу надходить багато запитів щодо керування доступом."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr "Типове значення: 5 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -7716,12 +7723,12 @@ msgstr ""
"користувача до системи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -7735,7 +7742,7 @@ msgstr ""
"періоду передбачено два режими обробки таких правил:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -7744,7 +7751,7 @@ msgstr ""
"DENY, всім користувачам доступ буде заборонено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -7754,22 +7761,22 @@ msgstr ""
"небажаним користувачам."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr "Типове значення: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr "ipa_server_mode (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr "Цей параметр має встановлюватися лише засобом встановлення IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
@@ -7778,176 +7785,176 @@ msgstr ""
"і має виконувати пошуки користувачів і груп з довірених доменів окремо."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
"Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr "Типове значення: адреса з назвою \"default\""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
#, fuzzy
#| msgid "ldap_user_ssh_public_key (string)"
msgid "ldap_user_ssh_public_key"
msgstr "ldap_user_ssh_public_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -7957,12 +7964,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr "СЛУЖБА ПІДДОМЕНІВ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
@@ -7971,7 +7978,7 @@ msgstr ""
"спосіб його налаштовано: явний чи неявний."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7983,7 +7990,7 @@ msgstr ""
"якщо це потрібно."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8003,7 +8010,7 @@ msgstr ""
"даних піддоменів буде знову увімкнено."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8015,7 +8022,7 @@ msgstr ""
"ipa."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -8351,17 +8358,31 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr "Типове значення: не встановлено"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ad_hostname (string)"
+msgid "ad_site (string)"
+msgstr "ad_hostname (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:248
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8375,7 +8396,7 @@ msgstr ""
"SSSD встановлюватиме зв’язок лише з портом LDAP поточного сервера AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8390,12 +8411,12 @@ msgstr ""
"групах для різних доменів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8410,7 +8431,7 @@ msgstr ""
"«access_provider» значення «ad»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
@@ -8420,7 +8441,7 @@ msgstr ""
"користувач увійти до системи певного вузла мережі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8443,12 +8464,12 @@ msgstr ""
"режиму (enforcing)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr "У цього параметра є три підтримуваних значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
@@ -8456,14 +8477,14 @@ msgstr ""
"використовуються примусово."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
"enforcing: правила керування доступом, засновані на GPO, обробляються і "
"використовуються примусово."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8476,17 +8497,17 @@ msgstr ""
"enforcing."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr "Типове значення: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8494,12 +8515,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8507,7 +8528,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -8515,7 +8536,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8523,7 +8544,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8535,53 +8556,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8589,7 +8610,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8597,7 +8618,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8605,7 +8626,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8617,17 +8638,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8635,7 +8656,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8643,7 +8664,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8655,22 +8676,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8678,7 +8699,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8686,7 +8707,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8698,17 +8719,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8716,7 +8737,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -8724,7 +8745,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8735,19 +8756,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8755,7 +8776,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8767,29 +8788,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -8797,12 +8823,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8815,52 +8841,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
+#: sssd-ad.5.xml:673
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
+#: sssd-ad.5.xml:689
msgid "Default: deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8877,27 +8903,27 @@ msgstr ""
"якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr "Типове значення: 3600 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP AD"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Типове значення: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -8907,7 +8933,7 @@ msgstr ""
"реєстраційні дані."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8918,7 +8944,7 @@ msgstr ""
"У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8942,7 +8968,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8954,7 +8980,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8966,7 +8992,7 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9570,7 +9596,7 @@ msgstr ""
"Пароль для заплутування буде прочитано зі стандартного джерела вхідних даних."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -11539,18 +11565,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
-#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+#, fuzzy, no-wrap
+#| msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:51
+#, fuzzy
+#| msgid ""
+#| "If <quote>AuthorizedKeysCommand</quote> is supported, "
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use it by putting the "
+#| "following directive in <citerefentry> <refentrytitle>sshd_config</"
+#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry>: <placeholder type="
+#| "\"programlisting\" id=\"0\"/>"
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
"Якщо передбачено підтримку <quote>AuthorizedKeysCommand</quote>, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11560,13 +11598,13 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11583,7 +11621,7 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11591,12 +11629,12 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "СТАН ВИХОДУ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index 124e27163..39f78d0fb 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -6,18 +6,19 @@
# Christopher Meng <cickumqt@gmail.com>, 2012
msgid ""
msgstr ""
-"Project-Id-Version: SSSD\n"
+"Project-Id-Version: sssd-docs 1.12.2\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-01-08 18:14+0100\n"
-"PO-Revision-Date: 2014-06-04 18:04+0000\n"
+"POT-Creation-Date: 2015-02-18 16:52+0100\n"
+"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
"language/zh_CN/)\n"
-"Language: zh_CN\n"
+"Language: zh-CN\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Zanata 3.5.1\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -82,7 +83,7 @@ msgstr ""
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "选项"
@@ -233,8 +234,8 @@ msgstr ""
#: sssd.conf.5.xml:81 sssd.conf.5.xml:571 sssd.conf.5.xml:1014
#: sssd-ldap.5.xml:1625 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1784
#: sssd-ldap.5.xml:2273 sssd-ldap.5.xml:2338 sssd-ldap.5.xml:2356
-#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:410 sssd-ad.5.xml:166 sssd-ad.5.xml:250
-#: sssd-ad.5.xml:695 sssd-ad.5.xml:784 sssd-krb5.5.xml:490
+#: sssd-ipa.5.xml:378 sssd-ipa.5.xml:413 sssd-ad.5.xml:166 sssd-ad.5.xml:264
+#: sssd-ad.5.xml:714 sssd-ad.5.xml:806 sssd-krb5.5.xml:490
msgid "Default: true"
msgstr ""
@@ -254,7 +255,7 @@ msgstr ""
#: sssd.conf.5.xml:94 sssd.conf.5.xml:968 sssd.conf.5.xml:2043
#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1499 sssd-ldap.5.xml:1518
#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:2060 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:540 sssd-krb5.5.xml:257
+#: sssd-ipa.5.xml:208 sssd-ipa.5.xml:543 sssd-krb5.5.xml:257
#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
msgid "Default: false"
msgstr ""
@@ -362,7 +363,7 @@ msgid ""
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter described the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
-"characters, dashes and underscores."
+"characters, dashes, dots and underscores."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
@@ -547,8 +548,8 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:336 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1458
-#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:543
-#: sssd-ad.5.xml:608 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
+#: sssd-ldap.5.xml:1470 sssd-ldap.5.xml:1552 sssd-ad.5.xml:557
+#: sssd-ad.5.xml:627 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203
#: include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
@@ -1702,7 +1703,7 @@ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1350 sssd-ipa.5.xml:224
msgid "Default: 0 (disabled)"
msgstr ""
@@ -2626,7 +2627,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:2246 sssd-ldap.5.xml:2518 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:715 sssd-ad.5.xml:821 sssd-krb5.5.xml:519
+#: sssd-ipa.5.xml:718 sssd-ad.5.xml:843 sssd-krb5.5.xml:519
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
@@ -3502,7 +3503,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:738 sssd-ldap.5.xml:831 sssd-ldap.5.xml:1058
#: sssd-ldap.5.xml:1132 sssd-ldap.5.xml:2102 sssd-ldap.5.xml:2441
-#: sssd-ipa.5.xml:588
+#: sssd-ipa.5.xml:591
msgid "Default: cn"
msgstr ""
@@ -4258,7 +4259,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:1479
msgid ""
-"Specifies acceptable cipher suites. Typically this is a colon separated "
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
msgstr ""
@@ -4419,7 +4420,7 @@ msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:739
+#: sssd-ldap.5.xml:1638 sssd-ad.5.xml:761
msgid "Default: 86400 (24 hours)"
msgstr ""
@@ -4457,7 +4458,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:385 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1673 sssd-ipa.5.xml:388 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
@@ -4472,7 +4473,7 @@ msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:400 sssd-krb5.5.xml:453
+#: sssd-ldap.5.xml:1685 sssd-ipa.5.xml:403 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
@@ -5403,7 +5404,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><para>
#: sssd-ldap.5.xml:2525 sssd-ldap.5.xml:2543 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:723 sssd-ad.5.xml:829 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ipa.5.xml:726 sssd-ad.5.xml:851 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
@@ -5438,7 +5439,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:2559 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:844 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:866 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
@@ -5948,7 +5949,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:676
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:695
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5963,7 +5964,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:690
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:709
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5978,12 +5979,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:701
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:720
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:704
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:723
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6004,19 +6005,24 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:715
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:734
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:718
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:737
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173
+#: sssd-ipa.5.xml:173 sssd-ad.5.xml:742
+msgid "NOTE: This option currently supports only one interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:176
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -6024,22 +6030,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:179
+#: sssd-ipa.5.xml:182
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:185
+#: sssd-ipa.5.xml:188
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:192
+#: sssd-ipa.5.xml:195
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -6051,12 +6057,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:729
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:751
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:732
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:754
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6064,174 +6070,174 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:745
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:767
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:748
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:770
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:235
+#: sssd-ipa.5.xml:238
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:241
+#: sssd-ipa.5.xml:244
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:759
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:781
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:762
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:784
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:766
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:788
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:260
+#: sssd-ipa.5.xml:263
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:263
+#: sssd-ipa.5.xml:266
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:270
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273
+#: sssd-ipa.5.xml:276
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276
+#: sssd-ipa.5.xml:279
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:283 sssd-ipa.5.xml:302 sssd-ipa.5.xml:321 sssd-ipa.5.xml:340
+#: sssd-ipa.5.xml:359
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:288 sssd-ipa.5.xml:307 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:295
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:295
+#: sssd-ipa.5.xml:298
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:311
+#: sssd-ipa.5.xml:314
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:314
+#: sssd-ipa.5.xml:317
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:326
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:330
+#: sssd-ipa.5.xml:333
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:333
+#: sssd-ipa.5.xml:336
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:345
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:349
+#: sssd-ipa.5.xml:352
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:352
+#: sssd-ipa.5.xml:355
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:364
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368 sssd-krb5.5.xml:245
+#: sssd-ipa.5.xml:371 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:374
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378 sssd-ad.5.xml:787
+#: sssd-ipa.5.xml:381 sssd-ad.5.xml:809
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:388
+#: sssd-ipa.5.xml:391
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:395
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:403
+#: sssd-ipa.5.xml:406
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6239,24 +6245,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:416 sssd-krb5.5.xml:407
+#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:407
msgid "krb5_use_fast (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:419 sssd-krb5.5.xml:410
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:410
msgid ""
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:424
+#: sssd-ipa.5.xml:427
msgid "<emphasis>never</emphasis> use FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:430
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it. This is equivalent to not setting "
@@ -6264,19 +6270,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:433 sssd-krb5.5.xml:424
+#: sssd-ipa.5.xml:436 sssd-krb5.5.xml:424
msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:438
+#: sssd-ipa.5.xml:441
msgid "Default: try"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:441 sssd-krb5.5.xml:435
+#: sssd-ipa.5.xml:444 sssd-krb5.5.xml:435
msgid ""
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
@@ -6284,37 +6290,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:450 sssd-ad.5.xml:794
+#: sssd-ipa.5.xml:453 sssd-ad.5.xml:816
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:453 sssd-ad.5.xml:797
+#: sssd-ipa.5.xml:456 sssd-ad.5.xml:819
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:457 sssd-ad.5.xml:801
+#: sssd-ipa.5.xml:460 sssd-ad.5.xml:823
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ad.5.xml:805
+#: sssd-ipa.5.xml:464 sssd-ad.5.xml:827
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:468
+#: sssd-ipa.5.xml:471
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:474
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6322,17 +6328,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:478 sssd-ipa.5.xml:494 sssd-ad.5.xml:330
+#: sssd-ipa.5.xml:481 sssd-ipa.5.xml:497 sssd-ad.5.xml:344
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:484
+#: sssd-ipa.5.xml:487
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:490
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6340,12 +6346,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:503
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:506
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6354,211 +6360,209 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:515
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:517
+#: sssd-ipa.5.xml:520
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:522
+#: sssd-ipa.5.xml:525
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:531
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:534
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:535
+#: sssd-ipa.5.xml:538
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:549
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:549
+#: sssd-ipa.5.xml:552
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:552
+#: sssd-ipa.5.xml:555
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:560
+#: sssd-ipa.5.xml:563
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:572
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:572
+#: sssd-ipa.5.xml:575
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:575
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ipa.5.xml:578
msgid "Default: nsContainer"
-msgstr "默认: 3"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:581
+#: sssd-ipa.5.xml:584
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:584
+#: sssd-ipa.5.xml:587
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:594
+#: sssd-ipa.5.xml:597
msgid "ipa_overide_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:597
+#: sssd-ipa.5.xml:600
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:600
+#: sssd-ipa.5.xml:603
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:606
+#: sssd-ipa.5.xml:609
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:612
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:613
+#: sssd-ipa.5.xml:616
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
+#: sssd-ipa.5.xml:622
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
+#: sssd-ipa.5.xml:625
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:627
+#: sssd-ipa.5.xml:630
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:630
+#: sssd-ipa.5.xml:633
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:633
+#: sssd-ipa.5.xml:636
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:636
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:639
+#: sssd-ipa.5.xml:642
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:642
+#: sssd-ipa.5.xml:645
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:645
+#: sssd-ipa.5.xml:648
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:651
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:653
+#: sssd-ipa.5.xml:656
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:659
+#: sssd-ipa.5.xml:662
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:662
+#: sssd-ipa.5.xml:665
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:667
+#: sssd-ipa.5.xml:670
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:670
+#: sssd-ipa.5.xml:673
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:673
+#: sssd-ipa.5.xml:676
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:678
+#: sssd-ipa.5.xml:681
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:565
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -6568,19 +6572,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:688
+#: sssd-ipa.5.xml:691
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:690
+#: sssd-ipa.5.xml:693
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:694
+#: sssd-ipa.5.xml:697
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6588,7 +6592,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:700
+#: sssd-ipa.5.xml:703
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6600,7 +6604,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:717
+#: sssd-ipa.5.xml:720
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6608,7 +6612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:724
+#: sssd-ipa.5.xml:727
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6848,18 +6852,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225
+#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ad.5.xml:231
-msgid "ad_enable_gc (boolean)"
+msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:234
msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:245
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:248
+msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
@@ -6867,7 +6883,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:242
+#: sssd-ad.5.xml:256
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -6876,12 +6892,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:270
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:259
+#: sssd-ad.5.xml:273
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -6891,14 +6907,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268
+#: sssd-ad.5.xml:282
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:274
+#: sssd-ad.5.xml:288
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -6911,23 +6927,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:287
+#: sssd-ad.5.xml:301
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:291
+#: sssd-ad.5.xml:305
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:297
+#: sssd-ad.5.xml:311
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:303
+#: sssd-ad.5.xml:317
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -6935,17 +6951,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:314
+#: sssd-ad.5.xml:328
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:320
+#: sssd-ad.5.xml:334
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:323
+#: sssd-ad.5.xml:337
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -6953,12 +6969,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:336
+#: sssd-ad.5.xml:350
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:339
+#: sssd-ad.5.xml:353
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -6966,7 +6982,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:345
+#: sssd-ad.5.xml:359
msgid ""
"Note: Using the Group Policy Management Editor this value "
"InteractiveLogonRight is called \"Allow log on locally\" and \"Deny log on "
@@ -6974,7 +6990,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:359
+#: sssd-ad.5.xml:373
#, no-wrap
msgid ""
" ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -6982,7 +6998,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:350
+#: sssd-ad.5.xml:364
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -6994,53 +7010,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:363 sssd-ad.5.xml:434 sssd-ad.5.xml:469 sssd-ad.5.xml:509
-#: sssd-ad.5.xml:570
+#: sssd-ad.5.xml:377 sssd-ad.5.xml:448 sssd-ad.5.xml:483 sssd-ad.5.xml:523
+#: sssd-ad.5.xml:584
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:381
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:372
+#: sssd-ad.5.xml:386
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:377
+#: sssd-ad.5.xml:391
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:382
+#: sssd-ad.5.xml:396
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:387
+#: sssd-ad.5.xml:401
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:392
+#: sssd-ad.5.xml:406
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:397
+#: sssd-ad.5.xml:411
msgid "kdm"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:406
+#: sssd-ad.5.xml:420
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:423
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7048,7 +7064,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:415
+#: sssd-ad.5.xml:429
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7056,7 +7072,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:430
+#: sssd-ad.5.xml:444
#, no-wrap
msgid ""
" ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7064,7 +7080,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:421
+#: sssd-ad.5.xml:435
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7076,17 +7092,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:452
msgid "sshd"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:461
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:450
+#: sssd-ad.5.xml:464
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7094,7 +7110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:465
+#: sssd-ad.5.xml:479
#, no-wrap
msgid ""
" ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7102,7 +7118,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:456
+#: sssd-ad.5.xml:470
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7114,22 +7130,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:487
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:478
+#: sssd-ad.5.xml:492
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:487
+#: sssd-ad.5.xml:501
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:490
+#: sssd-ad.5.xml:504
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7137,7 +7153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:505
+#: sssd-ad.5.xml:519
#, no-wrap
msgid ""
" ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7145,7 +7161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:510
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7157,17 +7173,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:527
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:522
+#: sssd-ad.5.xml:536
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:525
+#: sssd-ad.5.xml:539
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7175,7 +7191,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:539
+#: sssd-ad.5.xml:553
#, no-wrap
msgid ""
" ad_gpo_map_service = +my_pam_service\n"
@@ -7183,7 +7199,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:531 sssd-ad.5.xml:596
+#: sssd-ad.5.xml:545 sssd-ad.5.xml:615
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7194,19 +7210,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:549
+#: sssd-ad.5.xml:563
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:552
+#: sssd-ad.5.xml:566
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:566
+#: sssd-ad.5.xml:580
#, no-wrap
msgid ""
" ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7214,7 +7230,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:557
+#: sssd-ad.5.xml:571
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7226,29 +7242,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:574
+#: sssd-ad.5.xml:588
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:579
+#: sssd-ad.5.xml:593
msgid "sudo-i"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:598
+msgid "systemd-user"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:588
+#: sssd-ad.5.xml:607
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:591
+#: sssd-ad.5.xml:610
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:604
+#: sssd-ad.5.xml:623
#, no-wrap
msgid ""
" ad_gpo_map_deny = +my_pam_service\n"
@@ -7256,12 +7277,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:614
+#: sssd-ad.5.xml:633
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:636
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7274,56 +7295,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:630
+#: sssd-ad.5.xml:649
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:634
+#: sssd-ad.5.xml:653
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:639
+#: sssd-ad.5.xml:658
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:644
+#: sssd-ad.5.xml:663
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:649
+#: sssd-ad.5.xml:668
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:654
-#, fuzzy
-#| msgid "services"
+#: sssd-ad.5.xml:673
msgid "service"
-msgstr "服务"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:659
+#: sssd-ad.5.xml:678
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:664
+#: sssd-ad.5.xml:683
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:670
-#, fuzzy
-#| msgid "Default: 3"
+#: sssd-ad.5.xml:689
msgid "Default: deny"
-msgstr "默认: 3"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:679
+#: sssd-ad.5.xml:698
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7334,34 +7351,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:709
+#: sssd-ad.5.xml:728
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:723
+#: sssd-ad.5.xml:745
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:753 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:775 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:775 sssd-krb5.5.xml:496
+#: sssd-ad.5.xml:797 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:778 sssd-krb5.5.xml:499
+#: sssd-ad.5.xml:800 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:823
+#: sssd-ad.5.xml:845
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7369,7 +7386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:830
+#: sssd-ad.5.xml:852
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7384,7 +7401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:850
+#: sssd-ad.5.xml:872
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7393,7 +7410,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:846
+#: sssd-ad.5.xml:868
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7401,7 +7418,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:856
+#: sssd-ad.5.xml:878
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7868,7 +7885,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8970,16 +8987,10 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:162
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
msgid ""
"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
"replaceable>"
msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:167
@@ -8988,14 +8999,8 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:173
-#, fuzzy
-#| msgid ""
-#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-#| "replaceable>"
msgid "<option>-H</option>,<option>--ssh-hosts</option>"
msgstr ""
-"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
-"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:177
@@ -9317,10 +9322,8 @@ msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
-#, fuzzy
-#| msgid "sss_groupmod"
msgid "sss_rpcidmapd"
-msgstr "sss_groupmod"
+msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_rpcidmapd.5.xml:33
@@ -9490,7 +9493,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_ssh_authorizedkeys.1.xml:58
#, no-wrap
-msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9498,19 +9503,20 @@ msgstr ""
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by putting the following directive "
-"in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
-"manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:69
+#: sss_ssh_authorizedkeys.1.xml:70
#, no-wrap
msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:63
msgid ""
"If <quote>PubkeyAgent</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -9521,18 +9527,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:84
+#: sss_ssh_authorizedkeys.1.xml:85
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
generated by cgit (git 2.34.1) at 2024-06-09 14:49:01 +0000